期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于双栈的缓冲区溢出攻击的防御 被引量:3

Stack Buffer Overflow Prevention Based on Dual-stack
下载PDF
导出
摘要 针对基于Intel 80X86结构的C/C++栈缓冲区溢出攻击的典型防御方法的不足,提出了一种基于双栈结构的缓冲区溢出漏洞的防御方法,设计并实现了一个ELF格式目标文件重构工具.实验结果表明,所提出的方法和开发的工具能在较低的性能开销下实现栈缓冲区溢出攻击的防御. An analysis is made of the classical buffer overflow prevention methods for Intel 80X86 architecture and C/C++.A new stack buffer overflow prevention method based on dual-stack is proposed due to the shortcomings of classical methods.Besides,an object file reconstructing tool for ELF format files is implemented with the dual-stack structure.Experiment results show that the proposed method and the tool are efficient for buffer overflow attack prevention with low overhead.
作者 陈林博 江建慧 张丹青
机构地区 同济大学计算机科学与技术系
出处 《同济大学学报(自然科学版)》 EI CAS CSCD 北大核心 2012年第3期452-458,共7页 Journal of Tongji University:Natural Science
基金 国家"八六三"高技术研究发展计划(2007AA01Z142)
关键词 软件漏洞 栈缓冲区溢出攻击 栈缓冲区溢出攻击防御 双栈 software vulnerabilities stack buffer overflow stack buffer overflow prevention dual-stack
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献24

  • 1Austin T M,Breach S E,Sohi G S. Efficient detection of all pointer and array access errors[A].Orlando:ACM New York Press,1994.290-301. 被引量:1
  • 2Jones R W M,Kelly P H J. Backwards-compatible bounds checking for arrays and pointers in C programs[A].Link(o)ping:Link(o)ping Univerty Electronic Press,1997.13-26. 被引量:1
  • 3National Institute of Standards and Technology. National vulnerability database statistics[EB/OL].http://nvd.hist.gov/statistics.cfm,2009. 被引量:1
  • 4Aleph One. Smashing stack for fun and profit[EB/OL].http://www.phrack.com/issues.html? issue:49&id=14 # article,2009. 被引量:1
  • 5Etoh H. ProPolice:GCC extension fro protecting applications from stack-smashing attacks[EB/OL].http://www.trl.ibm.com/projects/security/ssp/,2009. 被引量:1
  • 6Riley R,Jiang X,Xu D. An architectural approach to preventing code injection attacks[J].IEEE Transactions on Dependable and Secure Computing,2010,(04):351.doi:10.1109/TDSC.2010.1. 被引量:1
  • 7Salamat B,Jackson T,Wagner G. Runtime defense against code injection attacks using replicated execution[J].IEEE Transactions on Dependable and Secure Computing,2011,(04):588.doi:10.1109/TDSC.2011.18. 被引量:1
  • 8Strackx R,Younan Y,Philippaerts P. Breaking the memory secrecy assumption[A].Nuremburg:ACM New York Press,2009.1-8. 被引量:1
  • 9Chiueh T,Hsu F. RAD:A compile-time solution to buffer overflow attacks[A].Phoenix:IEEE Computer Society,2001.409-420. 被引量:1
  • 10Xu J,Kalbarczyk Z,Iyer R. Transparent runtime randomization for security[A].Florence:IEEE Computer Society,2003.260-269. 被引量:1

共引文献48

同被引文献55

  • 1冯谷,高鹏.新型SQL注入技术研究与分析[J].计算机科学,2012,39(S3):415-417. 被引量:10
  • 2孙茜.Web2.0的含义、特征与应用研究[J].现代情报,2006,26(2):69-70. 被引量:161
  • 3陈小兵,张汉煜,骆力明,黄河.SQL注入攻击及其防范检测技术研究[J].计算机工程与应用,2007,43(11):150-152. 被引量:73
  • 4李毅超,刘丹,韩宏,卢显良.缓冲区溢出漏洞研究与进展[J].计算机科学,2008,35(1):87-89. 被引量:11
  • 5BISHT P, VENKATAKRISHNAN V N. XSS-GUARD. Detection of Intrusions and Malware, and Vulnerability Assessment[M]. Berlin Heidelberg : Springer, 2008. 被引量:1
  • 6ZELLER W, FELTEN E W. Cross-site Request Forgeries: Exploitation and Prevention[J]. The New York Times, 2008: 1-13. 被引量:1
  • 7OWASP Foundation. OWASP Top Ten Project[EB/OL]. https:// www.owasp.org/index.php/Category:OWASP Top_Ten_Project, 2015- 5-15. 被引量:1
  • 8ANLEY C. Advanced SQL Injection in SQL Server Applications[EB/OL], https://www.exploit-db.com/docs/58.pdf, 2015-5-15. 被引量:1
  • 9HALFOND W G, VIEGAS J, ORSO A. A Classification of SQL- injection Attacks and Countermeasures[C]//IEEE. IEEE International Symposium on Secure Software Engineering, March 13-15, 2006, McLean, Virginia. Piscataway, NJ: IEEE, 2006, (1): 13-15. 被引量:1
  • 10FU X, LU X, PELTSVERGER. B, et al. A Static Analysis Framework for Detecting SQL Injection Vulnerabilities[C]// IEEE. 31st Annual International of Computer Software and Applications Conference, 2007(COMPSAC 2007 ). July 24-27 2007, Beijing, China. Piscataway, NJ: IEEE, 2007, (1) : 87-96. 被引量:1

引证文献3

二级引证文献17

同济大学学报(自然科学版)
2012年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部