

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9806


    Title: Return Protector: A Protection Mechanism for Return-into-libc Attacks by Checking the Return Address
    Authors: 許齊顯;Chi-Hsien Hsu
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: Stack; Buffer Overflow
    Date: 2009-07-14
    Issue Date: 2009-09-22 11:56:39 (UTC+8)
    Publisher: National Central University Library
    Abstract: Since the buffer overflow problem first appeared in the 1960s, researchers have proposed many solutions. In recent years, research on the non-executable stack has greatly reduced the possibility of injecting malicious code into the stack, and hardware manufacturers have accepted the approach and provide support for it, such as Intel's XD ("eXecute Disable"). Even so, buffer overflow attacks have not been completely solved, and return-into-libc is one of the unsolved parts. This kind of attack executes functions from libraries or program code that are already loaded in the system. Because it does not inject any code into the stack, it is not affected by the non-executable stack. Most of the more effective solutions to the buffer overflow problem are quite complex to implement, some even require modifying the system itself, and all of them still have some flaws to a greater or lesser degree. Therefore, now that the non-executable stack is widespread, this paper builds on that mechanism and proposes "Return Protector," a protection mechanism against return-into-libc attacks. By appending instructions in a specific format to the program code, it checks whether the return address is valid when a function executes its return instruction. For each function call, we append a specific code sequence; when the function is about to return, we check that the code chunk being returned to is the code chunk that made the function call. The implementation requires no modification to the system's own mechanisms and is quite simple, so it can be easily deployed on various platforms.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation
