
Buffer Overflow Vulnerability Detection Technique Using Binary Scanning (cited by: 2)

The Discovery of Buffer Overflow Vulnerabilities Based on Binary Scanning
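Abstract: Since they first appeared, buffer overflow vulnerabilities have caused many serious security problems, and as software systems grow larger and more complex, buffer overflow vulnerabilities are becoming increasingly common. Approaching the problem from the angle of detecting vulnerabilities in programs, this paper compares the previously common detection methods of static code analysis and run-time fault injection, and proposes a technique that detects buffer overflow vulnerabilities in the disassembled code of executable files, improving the efficiency of detecting vulnerabilities in software systems.

Since buffer overflow vulnerabilities appeared, they have caused many serious security problems. As software systems become more and more complicated, buffer overflow vulnerabilities appear more and more widely. This paper takes the perspective of searching for a single vulnerability in a released program, a different approach from the many previous studies that focus on both static source code analysis and run-time fault injection. We propose that a signature analysis of a disassembled binary executable can lead to the discovery of a buffer overflow vulnerability, improving the efficiency of detecting vulnerabilities in software systems.
Affiliation: Information Engineering University
Source: 《微计算机信息》 (Control & Automation), PKU Core Journal, 2007, No. 3, pp. 97-98, 32 (3 pages in total)
Funding: Supported by a National Pre-Research Foundation project (51400010205JB5201)
Keywords: buffer overflow, static analysis, fault injection, binary scanning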