轻量级缓冲区溢出防护技术研究

【作者】 何子昂；

【导师】 李毅超；

【作者基本信息】 电子科技大学 ， 计算机应用技术， 2008， 硕士

【摘要】 计算机软件的普遍应用带给人们越来越多的便捷,并日益影响人们的日常生活,但计算机软件中存在大量的错误及漏洞,隐藏着巨大的风险。因此,无论是科研机构还是企业,都在努力研究避免软件出现错误和漏洞的方法。对缓冲区溢出的研究,在计算机网络与信息安全领域有着非常重要的理论和实用价值。本文对缓冲区溢出攻击技术进行了深入的研究,并且根据缓冲区溢出攻击的基本原理,提出了一种基于地址空间随机化的溢出防护技术,该方法针对远程缓冲区溢出的基本原理,并根据这个基本原理进行了有效的防护。本文首先阐述了课题的研究背景、意义以及国内外研究现状,研究分析了各种缓冲区溢出攻击技术以及shellcode的编写方法。根据缓冲区溢出利用跳转地址这一原理,提出了基于地址空间随机化的溢出防护技术。地址空间随机化技术是为了防止远程缓冲区溢出攻击对系统核心对象的预计,将系统核心对象和组件在内存中的地址空间进行随机化,使得溢出攻击失效的防御安全技术。根据该方法,利用Windows内核相关技术及设备驱动程序开发技术,进行基于地址空间随机化的缓冲区溢出防护系统的设计及实现,给出了系统总体结构、具体模块的设计流程以及开发环境等。然后,在Metasploit真实的攻击环境及使用复杂的攻击类型对该系统进行测试。实验结果表明,本文提出的方法能够完全的抵御大部分缓冲区溢出攻击,有力地保障了系统。最后,对全文进行了总结并讨论了这种技术存在的技术局限性以及对后续工作的展望。更多还原

【Abstract】 The popularization of software has brought people much convenience and changed our life at same time. But there are lots of errors hided in software, which will cause vulnerabilities or security holes in system and bring huge risks. Now many institutes and companies pay more attention to finding methods to avoid software errors. Buffer overflow research is very valuable in practice and in theory in computer network and information security. The paper analyzes the buffer overflow attack and promotes a method for defending buffer overflow based on Address-Space Randomization. The method keeps focus on the fundamental principle of the remote buffer overflow and protectes systems following the principle.Firstly, the paper expounds background and studies of this field and analyses different kinds of buffer overflow attacks and methods of making shellcode. It promotes an overflow protect technology which on Address-Space Randomization under the Address-Jump principle. The Address-Space Randomization technology is to guard against the prevention of the system kernel objects by remote buffer overflow attack. It randomes the memory space of the system kernel objects and other objects in order to defend remote buffer overflow attack. We make use of the Windows kernel related technology and device driver program develop technology to design and implement the buffer overflow protect system based on the Address-Space Randomization. The paper shows the system collectivity structure, module’s detail design flow and develop environment.The system is discussed by experiment, both in Metasploit real attack environment and in confused attack environment. The result shows the method could protect most of all buffer overflow attacks. At last we give out a conclusion of the paper and talk about the limits of the technology and look forward to the future work.更多还原