Thesis/Dissertation 945902006: Detailed Record




Author: Hou-Xiang Kuo (郭后翔)   Department: Computer Science and Information Engineering
Thesis title: Detection of Buffer Overflow Attacks with QEMU Emulator
(使用QEMU模擬器偵測緩衝區溢位攻擊)
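  1. This electronic thesis is authorized for immediate open access.
  2. Electronic full texts that have reached their open-access date are licensed to users only for personal, non-profit searching, reading, and printing for academic research purposes.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast this work without authorization, to avoid violating the law.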

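Abstract (translated from Chinese) Buffer overflow attacks have long been a major topic in system security; many computer viruses and worms exploit this vulnerability to damage computer systems. Although much related research has targeted this vulnerability, few methods are in wide use, mainly because few methods are compatible with existing, already-built executable code.
This thesis uses the QEMU emulator to emulate hardware behavior. Following SmashGuard's approach of building an additional stack inside the hardware to check the consistency of return addresses, it emulates that buffer overflow detection mechanism without modifying software executables. The experimental results show that the method has problems arising from its assumptions about how system software behaves, and the causes are analyzed. To address the problem that the operating system itself may also modify return addresses on the stack, this thesis proposes a level-by-level checking and alerting mechanism that, in addition to checking the consistency of the return address, also checks the legitimacy of the return address. The experimental results show that this mechanism can distinguish and detect common stack-based buffer overflow attack patterns.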
Abstract (English) Buffer overflow has always been a dominant issue of system security. Many computer viruses or worms exploit this vulnerability to damage computer systems. Although numerous studies have proposed defenses against such attacks, solutions that were really used as standard were rare. The main reason is that few solutions are compatible with user binary code.
This paper chooses the QEMU emulator to emulate hardware behavior and selects the SmashGuard mechanism to test its feasibility. The results showed that it produces some problems, and the reason was analyzed.
Hence, this paper proposes a two-layer checking mechanism. In addition to checking the consistency of the return address, the validity of the return address is also checked. The results demonstrate that this mechanism can differentiate and detect typical stack-smashing attacks.
Keywords (translated from Chinese) ★ Buffer overflow
★ Stack-based buffer overflow attack
★ SmashGuard
★ QEMU
Keywords (English) ★ SmashGuard attack
★ Buffer overflow
★ QEMU
Table of contents
Abstract
Contents
List of Figures
List of Tables
1. Introduction
  1.1 Buffer Overflow Attack
  1.2 Motivation
  1.3 Contents of Each Chapter
2. Related Work
3. Emulation Tool
4. Method
5. Implementation
  5.1 Layer-1: Consistency of Return Address
  5.2 Layer-2: The legitimacy of a return address
6. Experiment Result and Evaluation
  6.1 Layer-1 Mechanism
  6.2 Layer-2 Mechanism
7. Conclusions and future work
Reference
Appendix
Advisor: Li-Ming Tseng (曾黎明)   Review date: 2007-9-21

For questions about this thesis, please contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.