Master's/Doctoral Thesis 945902006: Detailed Information


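Name: Hou-Xiang Kuo (郭后翔)   Department: Computer Science and Information Engineering
Thesis title: Detection of Buffer Overflow Attacks with QEMU Emulator
(使用QEMU模擬器偵測緩衝區溢位攻擊)
Files:
  1. The access permission for this electronic thesis is: approved for immediate open access.
  2. Electronic full text that has reached its open-access date is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast this work without authorization, to avoid breaking the law.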

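Abstract (Chinese): Buffer overflow attacks have long been a major issue in system security; many computer viruses and worms exploit this vulnerability to damage computer systems. Although much related research has tried to defend against this vulnerability, few methods are actually in wide use, mainly because few methods are compatible with existing, already-written executable code.
This thesis uses the QEMU emulator to emulate hardware behavior and, following SmashGuard's approach of building an extra stack inside the hardware to check the consistency of return addresses, emulates that buffer overflow detection mechanism without modifying the software's executable code. The experimental results show that the method has problems arising from its assumptions about how system software is used, and the causes are analyzed. To solve the problem that the operating system may also modify return addresses on the stack, this thesis proposes a level-by-level checking and alerting mechanism that, in addition to checking the consistency of the return address, also checks the legitimacy of the return address. The experimental results show that this checking mechanism can distinguish and detect the common attack patterns of stack-segment buffer overflows.
Abstract (English): Buffer overflow has always been a dominant issue in system security. Many computer viruses and worms exploit this vulnerability to damage computer systems. Although numerous approaches have been proposed to defend against such attacks, solutions that were really used as standard were rare. The main reason is that few solutions are compatible with user binary code.
This thesis uses the QEMU emulator to emulate hardware behavior and selects the SmashGuard mechanism to test its feasibility. The results showed that it produces some problems, and the reasons were analyzed.
Hence, this thesis proposes a two-layer checking mechanism. In addition to checking the consistency of the return address, the validity of the return address is also checked. The results demonstrate that this mechanism can differentiate and detect typical stack-smashing attacks.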
Keywords (Chinese) ★ Buffer overflow
★ Stack-segment buffer overflow attack
★ SmashGuard
★ QEMU
Keywords (English) ★ SmashGuard attack
★ Buffer overflow
★ QEMU
Table of contents
Abstract
Contents
List of Figures
List of Tables
1. Introduction
  1.1 Buffer Overflow Attack
  1.2 Motivation
  1.3 Contents of Each Chapter
2. Related Work
3. Emulation Tool
4. Method
5. Implementation
  5.1 Layer-1: Consistency of Return Address
  5.2 Layer-2: The Legitimacy of a Return Address
6. Experiment Result and Evaluation
  6.1 Layer-1 Mechanism
  6.2 Layer-2 Mechanism
7. Conclusions and Future Work
Reference
Appendix
Advisor: Li-Ming Tseng (曾黎明)   Date of approval: 2007-9-21

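For questions about this thesis, please contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.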