HSP: A solution against heap sprays

NCU Institutional Repository > 資訊電機學院 > 資訊工程學系 > 期刊論文 > Item 987654321/51546

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/51546

题名:	HSP: A solution against heap sprays
作者:	Hsu,FH;Huang,CH;Hsu,CH;Ou,CW;Li-Han,CB;Chiu,PC
贡献者:	資訊工程學系
关键词:	BUFFER OVERFLOW ATTACKS;CHECKING;SECURITY;HARDWARE/SOFTWARE;RANDOMIZATION;PROTECTION;ARRAY
日期:	2010
上传时间:	2012-03-27 18:55:54 (UTC+8)
出版者:	國立中央大學
摘要:	Heap sprays are a new buffer overflow attack (BOA) form that can significantly increase the successful chance of a BOA even though the attacked process is protected by a lot of state-of-the-art anti-BOA mechanisms, such as ASLR, non-executable stack/DEP, signature-based IDSes, and type-safe languages. In this paper, we propose a glibc-and-ASLR-based solution to heap sprays Heap Spray Protector (HSP). HSP controls the number and location of int 80 instructions in a process and hides the whereabouts of the only legal int 80 instruction; hence, HSP makes it difficult for attackers to issue a system call, let alone a heap spray attack. Moreover HSP can help ASLR defend against memory information leaking attacks. Furthermore, because HSP only modifies the glibc library and the kernel, it does not need to modify any source code or executable file. Finally, HSP allows attackers to execute as much code as possible before an attack can really create some damage; therefore, it enables the attacked hosts to collect more information about attackers which may be useful to block future attacks. Experimental results show HSP implemented on a Linux platform can effectively defend a system against heap sprays with less than 4.56% performance overhead. (C) 2010 Elsevier Inc. All rights reserved.
關聯:	JOURNAL OF SYSTEMS AND SOFTWARE
显示于类别:	[資訊工程學系] 期刊論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	513	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....