dc.description.abstract | Since their first appearance in 1950, buffer overflow attacks (BOAs) have buffeted the Internet for more than half a century. Because a BOA is simple to launch, the number of available targets on the Internet is tremendous, and the damage a BOA can cause is severe, buffer overflow attacks have remained one of the most hazardous security threats on the Internet. Internet worms use this attack to propagate, and malicious users exploit it to take control of computer systems. Internet incidents are often related to buffer overflow attacks. Theoretically, by using this attack method a malicious user can compromise thousands of hundreds of hosts in 20 minutes. These security threats severely affect the reliability of computer and network systems and reduce people’s confidence in them. Therefore, developing an efficient and effective approach to protecting computer and network systems has become a critical and urgent issue for the modern cyber community.
As more protection approaches are developed, BOAs also evolve into different variants to bypass the proposed protection mechanisms. These variants include stack smashing attacks, heap overflow attacks, function pointer attacks, jump table overflow attacks, and so on. To damage a target system, attackers usually have to use system calls, which on the i386 architecture must be invoked with int 80 or sysenter. In our research we focus on (1) preventing the execution of int 80 instructions provided by the attacker and (2) preventing the execution of int 80 instructions that already exist in memory, in order to protect the system from BOAs.
We propose a new method that protects system calls by registering valid int 80 instructions, on the premise that the source code does not have to be recompiled. In addition, we introduce address obfuscation and forge fake int 80 instructions to make it hard for attackers to use the system calls registered in the system, which protects the system from many kinds of injected code attacks. The experimental results show that this protection incurs less overhead. | en_US |