MP: A Memory Protector against Stack-Based Buffer Overflow Attacks

Master's === National Central University === Graduate Institute of Computer Science and Information Engineering === 95 === In this paper, we propose a new defense mechanism that addresses a pervasive problem in information system security: stack-based buffer overflow attacks. This type of buffer overflow attack exploits the flaw that arises when the process writes...


Bibliographic Details
Main Authors: Chung-li Lin, 林忠立
Other Authors: Content is in English
Format: Others
Language: zh-TW
Published: 2007
Online Access: http://ndltd.ncl.edu.tw/handle/40267080260241220646
id ndltd-TW-095NCU05392091
record_format oai_dc
spelling ndltd-TW-095NCU05392091 2015-10-13T11:31:58Z http://ndltd.ncl.edu.tw/handle/40267080260241220646 MP: A Memory Protector against Stack-Based Buffer Overflow Attacks 記憶體保護者用來防禦堆疊型緩衝區溢位攻擊 Chung-li Lin 林忠立 Master's National Central University Graduate Institute of Computer Science and Information Engineering 95 Content is in English 2007 thesis 90 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Central University === Graduate Institute of Computer Science and Information Engineering === 95 === In this paper, we propose a new defense mechanism that addresses a pervasive problem in information system security: stack-based buffer overflow attacks. This type of buffer overflow attack exploits the flaw that arises when a process writes data to a buffer without bounds checking. It modifies control-flow data structures (e.g., return addresses and function pointers) and then forces the program to execute code injected by the attacker (code injection attacks) or code of the attacker's choice (return-into-libc attacks). Traditional defense mechanisms usually focus only on preventing the execution of shellcode and neglect the fact that the attacked program may terminate abnormally. When an attacker launches an attack but fails to achieve the attack objective (obtaining root privilege), the attack is likely to corrupt the memory of the attacked program and cause it to terminate abnormally, which makes debugging and preserving evidence more difficult. We propose a novel operating-system-based defense mechanism, Memory Protector (MP), to protect systems from the code injection form of stack-based buffer overflow attacks and to preserve the integrity of memory. The mechanism detects malicious data before it is written to the memory of the attacked program and blocks that data outside the program, so it not only prevents the buffer overflow attack but also avoids memory corruption, and the attacked program can terminate normally. Moreover, it only slightly reduces the execution efficiency of the program and has a low false positive rate, so it can be an effective mechanism for detecting code injection buffer overflow attacks, even zero-day attacks. Because of the rapidly growing popularity of Linux and the availability of its operating system kernel source, we chose the Linux operating system to implement this defense mechanism.
author2 Content is in English
author_facet Content is in English
Chung-li Lin
林忠立
author Chung-li Lin
林忠立
title MP: A Memory Protector against Stack-Based Buffer Overflow Attacks
publishDate 2007
url http://ndltd.ncl.edu.tw/handle/40267080260241220646