自動偵測程式緩衝區溢位錯誤的測試輔助工具

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：5

、訪客IP：3.145.131.238

姓名

張繼軒(Chi-hsuan Chang) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

自動偵測程式緩衝區溢位錯誤的測試輔助工具
(ARMORY : An auxiliary testing tool for automatic buffer overflow vulnerability detection)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

本研究提出一全新的測試輔助工具以協助軟體工程師或程式測試員在測試程式的正確性時自動地偵測出程式中的緩衝區溢位錯誤。程式緩衝區溢位錯誤(Program Buffer Overflow Bugs, PBOB)是緩衝區溢位攻擊的踏腳石，而緩衝區溢位攻擊是已知的電腦與網路攻擊方式中最危險的一種。Internet Worms便是透過此類程式錯誤在網際網路上繁殖，此外通常這一類攻擊的最終結果就是攻擊者取得被攻擊主機的超級使用者權限。當一程式輸入字串的長度大於接收緩衝區的長度而程式設計師亦沒有對多餘的字串做處理，則程式緩衝區溢位錯誤便會產生。雖然就像其他的程式錯誤一樣，程式緩衝區溢位錯誤也是程式錯誤的一種。但比較特別的是，程式緩衝區溢位錯誤不但不易偵測，也很難避免，且有非常危險的後遺症。通常若非執行一充分完整的程式測試，是很難發現程式內的程式緩衝區溢位錯誤。然而一個充分完整的程式測試通常亦是一個極費力且費時的工作。由於縮短產品開發時間是大部份軟體公司的主要考慮，這一類的測試工作通常被忽略。此外，訓練一位能夠撰寫上萬行程式碼卻不含任何程式緩衝區溢位錯誤的程式設計師，亦是一不可能的任務。畢竟犯錯是人類的天性。因此發展一全新的輔助測試工具以協助軟體工程師自動地偵測程式中的緩衝區溢位錯誤便成為一刻不容緩的重要議題。

摘要(英)

In this paper we propose a new type of auxiliary examining tool to support software engineer or test Engineer detects the buffer overflow error in program automatically when testing the correctness of a program. Program Buffer Overflow Bug,(PBOB) is a stepping stone of buffer overflow attacks which is the one of most dangerous known attacks. Internet Worms spreads on Internet Networks via such bugs. Usually, The result of BOF attacks is getting the root privilege from the attacked host. The BOF Bug is produced When the length of a input string in program greater than the length of receive buffer, and the programmer do not deal with the redundant string. Dissimilar to the other program errors, Program Buffer Overflow Bug is not only difficult to detect and evade, but also has very high risky sequela. Program Buffer Overflow Bug in program can be discovered unless execute a complete program testing, and which is time-consuming and laborious. Such works always are neglected due to the major element of consideration from software companies – decrease the building time of products. Otherwise, training a programmer with perfect programming manner is impossible. Consequently, developing an innovative auxiliary examining tool to detect the buffer overflow error in program automatically demands immediate attention.

關鍵字(中)

★ 除錯工具
★ 可依賴度
★ 測試工具
★ 安全

關鍵字(英)

★ testing
★ debug tool
★ reliability
★ security

論文目次

摘要 i
Abstract ii
誌謝 iii
目錄 iv
圖目錄 vi
表目錄 vii
第一章緒論 - 1 -
1-1動機 - 1 -
1-2 論文概述 - 2 -
1-3 章節架構 - 3 -
第二章攻擊類型及原理 - 4 -
2-1 程式記憶體緩衝區的常見攻擊類型 - 4 -
2-1-1 L2S類型 - 5 -
2-1-2 LOOP類型 - 6 -
2-1-3 Fission類型 - 6 -
2-2 自動化的程式緩衝區溢位測試工具 - 8 -
2-3 測試用Process的內容 - 8 -
第三章實作 - 10 -
3-1 系統架構 - 10 -
3-2 方法概要 - 11 -
3-2-1 修改系統呼叫 sys_read( ) - 11 -
3-2-2 修改Process Descriptor與新增系統呼叫 - 12 -
3-2-3修改do_fork( ) - 13 -
3-3 討論 - 13 -
3-3-1 對於sys_fork( )的分析 - 13 -
3-3-2 Child Process的Race Condition討論 - 15 -
第四章實驗 - 16 -
4-1 安全性測試 - 16 -
4-1-1 str_cpy.c的測試結果 - 16 -
4-1-2 while.c的測試結果 - 17 -
4-1-3 http.c的測試結果 - 18 -
4-2 實驗及分析 - 19 -
4-2-1 False Positive - 21 -
4-2-2 False Negative - 22 -
第五章相關研究 - 24 -
5-1原始碼靜態分析 - 24 -
5-2混合型記憶體弱點檢查工具 - 24 -
5-3 記憶體保護機制 - 25 -
5-4 入侵偵測系統 - 26 -
第六章結論 - 27 -
6-1 總結 - 27 -
6-2 未來展望 - 27 -
參考文獻 - 29 -
附錄一 - 32 -

參考文獻

〔1〕 Zhenkai Liang and R. Sekar, "Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models" In Annual Computer Security Applications Conference (ACSAC 2005)
〔2〕 Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, Wenke Lee, "Polymorphic Blending Attacks" In USENIX Security Symposium 2006
〔3〕 C. Cowan, C. Pu, D. Maier, H. Hinton, J. Wadpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, "StackGuard: Automatic Detection and Prevention of Buffer-overrun Attacks", In Proceedings of the 7th USENIX Security Symposium, January 1998
〔4〕 Yves Younan, Davide Pozza, Frank Piessens and Wouter Joosen, 'Extended protection against stack smashing attacks without performance loss', Annual Computer Security Applications Conference (ACSAC 2006)
〔5〕 Emre C. Sezer, Peng Ning, Chongkyung Kil, Jun Xu, MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities, ACM CCS2007
〔6〕 C Intermediate Language, http://manju.cs.berkeley.edu/cil/
〔7〕 Arash Baratloo, Navjot Singh, and Timothy Tsai. "Transparent run-time defense against stack smashing attacks". In Proceedings of the 2000 USENIX Annual Technical Conference (USENIX-00), pages 251–262, Berkeley, CA, June 2000.
〔8〕 Bulba and Kil3r. Bypassing Stackguard and stackshield. Phrack, 56, 2000.
〔9〕 Chongkyung Kil, Emre Can Sezer, PengNing, and Xiaolan Zhang," Automated Security Debugging Using Program Structural Constraints", Annual Computer Security Applications Conference.(ACSAC 2007)
〔10〕 P. Zhou,W. Liu, L. Fei, S. Lu, F. Qin, Y. Zhou, S. Midkiff, J. Torrellas. AccMon: Automatically Detecting Memory-related Bugs via Program Counter-based Invariants. In 37th International Symposium on Microarchitecture (MICRO), Nov 2004.
〔11〕 M.D. Ernst, J.H. Perkins, P.J. Guo, S. McCamant, C. Pacheco, M.S. Tschantz, and C. Xiao. The Daikon system for dynamic detection of likely invariants. Science of Computer Programming, 2007.
〔12〕 Yves Younan, Davide Pozza, Frank Piessens and Wouter Joosen, 'Extended protection against stack smashing attacks without performance loss', Annual Computer Security Applications Conference (ACSAC 2006)
〔13〕 S. Hangal and M. S. Lam. DIDUCE: Tracking down software errors using dynamic anomaly detection. In Proceedings of the 24th International Conference on Software Engineering, May 2002.
〔14〕 Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle.“Pointguard: Protecting pointers from buffer overflow vulnerabilities”. In Proceedings of the 12th USENIX Security Symposium, Washington, D.C., August 2003.
〔15〕 D Wagner, JS Foster, EA Brewer and A Aiken. “A first step towards automated detection of buffer overrun vulnerabilities”. Network and Distributed System Security Symposium, 2000
〔16〕 M Martin, B Livshits and MS Lam. “Finding application errors and security flaws using PQL: a program query language”. Proceedings of the 20th annual ACM SIGPLAN conference on Object oriented programming systems languages and applications.
〔17〕 ProPolice, http://www.x.org/wiki/ProPolice
〔18〕 PaX team, http://pax.grsecurity.net/docs/aslr.txt
〔19〕 Cfengine, http://www.cfengine.org/download.phtml
〔20〕 Gopher, http://gopher.quux.org:70/devel/gopher/Downloads/old
〔21〕 Micq, http://linux.maruhn.com/sec/micq.html
〔22〕 Monkeyd, http://monkeyd.sourceforge.net/
〔23〕 Mplayer, http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5.tar.bz2
〔24〕 Pptpd, http://www.poptop.org/

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2008-7-22

推文