Detection of buffer overflow by duplication of control flow data

Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (11): 101-107.

Previous Articles Next Articles

Detection of buffer overflow by duplication of control flow data

XIE Wenbing1，2, MA Xiaodong1, LI Zhongsheng1, NIU Xiamu2

1.Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
2.Shenzhen Graduate School, Harbin Institute of Technology, Shenzhen, Guangdong 518000, China

Online:2016-06-01 Published:2016-06-14

基于备份控制流信息的缓冲区溢出监测技术

谢汶兵1，2，马晓东1，李中升1，牛夏牧2

1.江南计算技术研究所，江苏无锡 214083
2.哈尔滨工业大学深圳研究生院，广东深圳 518000

Abstract

Abstract: Due to the lack of boundary checking mechanism, buffer overflow is one of the most serious attacks against C/C++ programs. This paper presents a runtime countermeasure for buffer overflow attack. Through duplicating the control flow information with array which declared in the dynamic link libraries, including the return address and the frame pointer of each function, illegal overwriting can be detected dynamically. This method can both detect direct and indirect attack in the buffer overflow attack. Experiments based on the RIPE testbed and two practical tests as well as theoretical analysis show the effectiveness of this method.

Key words: buffer overflow, control flow duplication, return address, frame pointer, runtime monitor, RIPE

摘要： C/C++在提供灵活的使用方式和高效目标码的同时，由于缺少边界检查机制，缓冲区溢出成为C/C++程序面临的一种严重的攻击威胁。给出了一种缓冲区溢出攻击的动态防护方法。使用在库中声明的数组来备份函数的控制流信息，包括返回地址和栈帧指针，来动态监测非法的篡改行为。该方法可以对缓冲区溢出攻击中的直接攻击和间接攻击均有效防护。通过RIPE基准平台和两道实际应用的测试以及理论比较表明该方法的有效性。

关键词: 缓冲区溢出, 控制流备份, 返回地址, 帧指针, 动态监测, RIPE

XIE Wenbing1，2, MA Xiaodong1, LI Zhongsheng1, NIU Xiamu2. Detection of buffer overflow by duplication of control flow data[J]. Computer Engineering and Applications, 2016, 52(11): 101-107.

谢汶兵1，2，马晓东1，李中升1，牛夏牧2. 基于备份控制流信息的缓冲区溢出监测技术[J]. 计算机工程与应用, 2016, 52(11): 101-107.

[1]	TENG Pengju, LI Hongjun. Definition of centripetal path and its application in cluster of network nodes [J]. Computer Engineering and Applications, 2017, 53(6): 34-39.
[2]	ZOU Xue, WANG Xingqi, FANG Jinglong, WANG Daquan. Buffer overflow prone points detection based on inter-process analysis [J]. Computer Engineering and Applications, 2016, 52(15): 110-113.
[3]	LUO Sanding, HU Kun, CHEN Yuanbing, NIE Zhenyu. Projection analysis and algorithms research on workpiece surface defect inspection [J]. Computer Engineering and Applications, 2015, 51(6): 150-153.
[4]	ZHANG Lantu, WANG Ying. Dynamic stack buffer overflow prevention based on protection of control-flow data [J]. Computer Engineering and Applications, 2012, 48(15): 63-69.
[5]	HUO Guang，FEI Gaolei，HU Guangmin. Unicast inference of temporal loss characteristics [J]. Computer Engineering and Applications, 2011, 47(9): 106-108.
[6]	XU Yan，ZHANG Xiao-feng，JIANG Ze-tao. Research on minimization method of shape from shading combined with wavelet transformation [J]. Computer Engineering and Applications, 2009, 45(32): 178-179.
[7]	ZOU Yuan－yuan¹,GE Qing－ping¹,HAN Yu1,SHEN Lan-xi¹,ZHANG Cun－lin². Stripe noise of THz image prcessing based on frequency filtering [J]. Computer Engineering and Applications, 2009, 45(17): 241-243.
[8]	MA Guo-sheng^1,2,BAI Yu¹,ZHU Tong¹. Predicting position of pedestrian at crossroad for preventing pedestrian-vehicle collision [J]. Computer Engineering and Applications, 2008, 44(33): 34-36.

Detection of buffer overflow by duplication of control flow data

基于备份控制流信息的缓冲区溢出监测技术

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 8

Recommended Articles

Metrics