English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 78728/78728 (100%)
造訪人次 : 33356141      線上人數 : 543
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/72029


    題名: Heap Detective : Detect Heap-based Memory Corruption by Simulating Heap
    作者: 楊安傑;Yang,An-Jie
    貢獻者: 資訊工程學系
    關鍵詞: Memory Corruption;Double Free;Heap Overflow;Memory Corruption;Double Free;Heap Overflow
    日期: 2016-07-19
    上傳時間: 2016-10-13 14:22:32 (UTC+8)
    出版者: 國立中央大學
    摘要: 在資訊安全的領域中,Memory Corruption 的問題越來越嚴重,從緩衝區溢位攻擊 ( Buffer Overflow Attack ) 以來,已經越來越多種會造成 Memory Corruption 並導致可以控制流程的攻擊手法也越來越多,近年來,Address Space Layout Randomization 及 StackGuard 被提出來已經減少很多攻擊的發生,但 Memory Corruption 的問題還是非常嚴重,特別是在記憶體分配使用不當時所造成的 Heap 上的漏洞像是 Use-after-free 及 Double Free 等,常常導致非常大的危害。
    最近,也有許多研究人員提出了 HeapShied 等 Heap 區段的防護機制,特別針對 Heap 區段的漏洞進行保護,也有研究人員開發出了 Memcheck 工具來方便開發人員檢測記憶體分配上的問題,但大部份的方式都需要原始碼,但總會有一些檢查不到或是回報的錯誤報告不易開發人員除錯等問題。
    本篇論文提出了 Heap Detective 這套系統,利用完整模擬 Glibc 的 Memory Allocator 來檢測一些Heap區段上的Memory Corruption 的問題,橫跨所有GDB支援的架構且不需要任何程式的原始碼,另外也提供了資安人員研究攻擊流量 Heap 區段記憶體分析工具,也方便資安人員開發攻擊程式。
    ;In the Information Security, the issue of memory corruption is getting worse. From Buffer Overflow Attack, there were more and more vulnerabilities cause memory corruption and can lead to control flow redirection. In recent years, because the study of Address Space of Layout Randomization and StackGuard, it has reduced a lot of attacks. But the issue of memory corruption is still very serious, particularly Use after Free and Double Free, which is vulnerability on heap, often lead to very great impact. Recently, many researchers have proposed some protective mechanisms, which protect against the vulnerability on heap segment, such as HeapShied, and some researchers developed a tool, which is Memcheck, to facilitate the development detect the issue of memory corruption. But most of all the way need source code, and there are numerous false negative error reports, and the error reports is not easy developer debugging problems. This paper presents Heap Detective, a memory check tool that simulate the memory allocator of Glibc to detect the issue of memory corruption on heap segment across all architectures, which GDB supported. Heap Detective does not require source code, in addition, it provide memory analysis tools on heap segment let security researcher study attack traffic and develop exploit tool.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML552檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明