Detecting Stack Overflow with FPW
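Abstract
Over the past decade, attacks that exploit stack overflow vulnerabilities have become one of the main forms of network attack. A stack overflow is a method of attacking a system: by writing more data to a program's stack than it has room for, the attacker overflows the stack and causes the program to execute other instructions, thereby achieving the attack.
In theory there are three classes of methods for detecting stack overflow: do not allow an overlong input argument to overwrite the return address; allow the return address to be overwritten, but do not allow control flow to transfer to an unauthorized user; allow control flow to transfer to an unauthorized user, but do not allow that user's executable code to run.
The author proposes a method that detects stack overflow using the previous frame pointer, namely FPW (Frame Pointer Watcher). FPW uses two separate watch zones, Usu Prefrm and Jmp Prefrm, to record the previous frame pointers of the frames created by two kinds of function calls. Compared with Stack Guard and RAD, FPW offers the same level of security, uses less memory, reduces the likelihood of unexpected process termination, and has better runtime performance.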
In the past ten years, stack overflow has become one of the most common attacks. Stack smashing is a kind of system attack that usually writes overlong contents into an application's stack frame in order to divert the control flow to the intruder.
Three approaches currently exist for defending against stack overruns: overwriting stack contents with overlong arguments is not allowed; overwriting is allowed, but unauthorized change of control flow is not allowed; change of control flow is allowed, but execution of injected code is prevented.
We detect stack overflow by monitoring the previous frame pointer, which gives rise to the tool FPW (Frame Pointer Watcher). It uses two different zones, named the Usu-Prefrm Zone and the Jmp-Prefrm Zone, to record changes of the previous frame pointer on the stack. Compared with Stack Guard and RAD, FPW has more efficient performance, the same safety, and lower memory cost.
