NCU Institutional Repository (NCUIR): theses and dissertations, past exam papers, journal articles, and research projects available for download: Item 987654321/9502
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9502


    Title: Detection of Buffer Overflow Attacks with QEMU Emulator
    Authors: Hou-Xiang Kuo (郭后翔)
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: Buffer overflow; Stack buffer overflow attack; SmashGuard; QEMU; SmashGuard attack
    Date: 2007-09-10
    Issue Date: 2009-09-22 11:49:10 (UTC+8)
    Publisher: National Central University Library
    Abstract: Buffer overflow attacks have long been a major issue in system security, and many computer viruses and worms exploit this vulnerability to damage computer systems. Although much research has been proposed to defend against such attacks, few solutions have been widely adopted, mainly because few are compatible with existing executable binary code. This thesis uses the QEMU emulator to emulate hardware behavior and, following SmashGuard's approach of maintaining an additional stack in hardware to check the consistency of return addresses, emulates that buffer overflow detection mechanism without modifying software executables. The experiments show that the approach's assumptions about how system software behaves lead to problems, and the causes are analyzed. To address the problem that the operating system may also modify return addresses on the stack, this thesis proposes a staged, two-layer checking and alert mechanism that, in addition to checking the consistency of the return address, also checks its validity. The results demonstrate that this mechanism can differentiate and detect typical stack-smashing attacks.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    All items in NCUIR are protected by copyright, with all rights reserved.
