ASurveyonRuntimeSmashedStackDetectionPPT课件.ppt
《ASurveyonRuntimeSmashedStackDetectionPPT课件.ppt》由会员分享,可在线阅读,更多相关《ASurveyonRuntimeSmashedStackDetectionPPT课件.ppt(16页珍藏版)》请在三一文库上搜索。
1、A Survey on Runtime Smashed Stack Detection,Background,Vulnerability becomes Serious Social Problems ex) Morris Worm on UNIX in 1988 Code Red on Windows in 2001 Nimda on Windows in 2001 Root DNS Attack in 2002 CERT/CC Advisories,Dominant Attacks are caused by Buffer Overflow,Buffer Overflow Attack,S
2、tack Smashing Attack Common mode of buffer overflow attack for hijacking system control,Hijack Process Inject the attack code All applications are ready for injection Force the process to execute the injected code Stack buffer overflow vulnerability allow malicious input to overwrite the return addr
3、ess and to snatch the execution flow,Text Area (program),Data Area,Stack Area,Malicious Code,Stack Smashing Attack (1),Program Structure of C like languages,int main (int argc, char *argv) calc_something(x, y); show_something(); return 0; ,void calc (int n) ,void calc_something (int x, int y) calc(x
4、); ,Stack Smashing Attack (2),Flow Control Data,int main (int argc, char *argv) calc_something(x, y); return 0; ,void calc (int n) ,void calc_something (int x, int y) calc(x); ,First In Last Out Buffer,main: line n,calc_something: line m,Stack Smashing Attack (3),Local Variables Allocated in FILO bu
5、ffer unified with flow control data,void calc (int n) int a, b; char buffer1024; foo(); bar(); ,return address,char buffer1024;,int b;,int a;,Local Variables of calc(),Stack Frame of calc(),Stack Smashing Attack (4),Injections and Hijacks,return address,char buffer1024;,int b;,int a;,malicious code,
6、overwritten by buffer overflow as buffer1024, , buffer1027,0x046424,Malicious Code,0x046424,Approaches (1),Software Approaches Novel secure program languages or perfect programs without bugs Compiler approaches without fixing each source program Static Analysis A First Step Towards Automated Detecti
7、on of Buffer Overrun Vulnerabilities “pointer” can not be analyzed perfectly Runtime Detection LibSafe (LibVerify) wrapper library StackGuard StackShield ProPolice,Approaches (2),Hardware Approaches Non-Exec Pages NonExecutable User Stack vs return-into-libc attack signal handling NonExecutable Data
8、 Pages modified dynamic loader modified just-in-time (JIT) compiler Secure Return Address Stack (SRAS) Architecture Support for Defending Against Buffer Overflow Attacks A Processor Architecture Defense against Buffer Overflow Attacks Secure Cache A Cache Architecture to Prevent Malicious Code Execu
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ASurveyonRuntimeSmashedStackDetectionPPT 课件
链接地址:https://www.31doc.com/p-2755411.html