Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (11): 101-107.


Detection of buffer overflow by duplication of control flow data

XIE Wenbing 1,2, MA Xiaodong 1, LI Zhongsheng 1, NIU Xiamu 2

  1. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
  2. Shenzhen Graduate School, Harbin Institute of Technology, Shenzhen, Guangdong 518000, China
  Online: 2016-06-01; Published: 2016-06-14

Buffer overflow monitoring technique based on backed-up control flow information

谢汶兵 1,2, 马晓东 1, 李中升 1, 牛夏牧 2

  1. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083
  2. Shenzhen Graduate School, Harbin Institute of Technology, Shenzhen, Guangdong 518000

Abstract: Because C/C++ lack a bounds-checking mechanism, buffer overflow is one of the most serious attacks against C/C++ programs. This paper presents a runtime countermeasure against buffer overflow attacks. Each function's control flow information, namely its return address and frame pointer, is duplicated into an array declared in a dynamic link library, so that illegal overwriting of either value can be detected dynamically. The method detects both direct and indirect attacks within the class of buffer overflow attacks. Experiments on the RIPE testbed, two practical tests, and a theoretical analysis show the effectiveness of the method.

Key words: buffer overflow, control flow duplication, return address, frame pointer, runtime monitor, RIPE

Abstract: While C/C++ offer flexible usage and efficient object code, their lack of a bounds-checking mechanism makes buffer overflow a serious attack threat to C/C++ programs. This paper presents a dynamic protection method against buffer overflow attacks. An array declared in a library is used to back up each function's control flow information, including the return address and the stack frame pointer, so that illegal tampering can be monitored dynamically. The method protects effectively against both the direct and the indirect attacks among buffer overflow attacks. Tests on the RIPE benchmark platform and on two practical applications, together with a theoretical comparison, show the effectiveness of the method.

Key words: buffer overflow, control flow backup, return address, frame pointer, dynamic monitoring, RIPE
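As an added example (not the paper's or the authors' code), a minimal C model of the shadow-copy check the abstract describes: a function's return address and saved frame pointer are duplicated into a separate array on entry and compared on exit, which flags a direct overwrite of the return address and an indirect overwrite of the frame pointer. The stack frame is modelled as a struct and the addresses are constructed sample values, so the overflow is a plain memcpy rather than real stack corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHADOW_DEPTH 64

/* Model of one stack frame: the local buffer sits below the saved frame
 * pointer and the return address, as on an x86-style stack. */
struct frame {
    char      buf[16];
    uintptr_t saved_fp;
    uintptr_t ret_addr;
};

/* The backup copy; in the paper's design this array lives in a library. */
static struct { uintptr_t ret, fp; } shadow[SHADOW_DEPTH];
static int shadow_top = 0;

/* Prologue hook: copy the frame's control flow data into the shadow array.
 * Returns 0 on success, -1 when the array is full. */
int shadow_push(const struct frame *f) {
    if (shadow_top >= SHADOW_DEPTH) return -1;
    shadow[shadow_top].ret = f->ret_addr;
    shadow[shadow_top].fp  = f->saved_fp;
    shadow_top++;
    return 0;
}

/* Epilogue hook: compare the frame against its backup.
 * 0 = intact, 1 = return address altered (direct attack),
 * 2 = saved frame pointer altered (indirect attack), -1 = underflow. */
int shadow_check(const struct frame *f) {
    if (shadow_top == 0) return -1;
    shadow_top--;
    if (f->ret_addr != shadow[shadow_top].ret) return 1;
    if (f->saved_fp != shadow[shadow_top].fp)  return 2;
    return 0;
}

/* One simulated call: len bytes of oversized input are copied into the frame
 * starting at buf with no check against sizeof buf (clamped to the whole
 * frame only so the copy stays well-defined), then the epilogue check runs. */
int run_frame(size_t len) {
    struct frame f = { {0}, 0x7ffd1000u, 0x401136u };  /* constructed sample values */
    char input[sizeof f];
    memset(input, 'A', sizeof input);                   /* constructed filler input */
    if (len > sizeof f) len = sizeof f;
    if (shadow_push(&f) != 0) return -1;
    memcpy(&f, input, len);
    return shadow_check(&f);
}
```

A copy that fits the buffer passes, one that reaches the saved frame pointer is reported as an indirect attack, and one that reaches the return address as a direct attack.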