Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Buffer overflow attack protection method, device and system

A buffer overflow and function technology, applied in the field of communication, can solve the problems of narrow scope and poor effect of protection against buffer overflow attacks, and achieve the effect of expanding the scope of attacks and good effect.

Inactive Publication Date: 2011-01-12
HUAWEI DIGITAL TECH (CHENGDU) CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, the existing ASLR technology only randomizes part of the memory allocation (such as DLL and executable programs), so the existing technology has a narrow range of protection against buffer overflow attacks and poor effect

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Buffer overflow attack protection method, device and system
  • Buffer overflow attack protection method, device and system
  • Buffer overflow attack protection method, device and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0027] The embodiment of the present invention provides a buffer overflow attack protection system, the system includes a buffer overflow attack device, the device is used to load the randomization management driver into the memory in the Windows kernel mode, and through the The loaded randomization management driver hooks the application program interface API function related to memory allocation in the Windows kernel, and modifies the parameters of the API function to randomize the base address of the memory allocation.

[0028] figure 1 It is a schematic structural composition diagram of an embodiment of the protection device of the buffer overflow attack of the present invention; figure 1 As shown, the buffer overflow attack protection device of this embodi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a protection method, a device and a system of buffer overflow attacks; the method comprises the following steps that: a randomizing management drive is loaded in a memory in the mode of a Windows core; the randomizing management drive is linked with an application program interface API function which is arranged in the Windows core and related to the memory allocation, and parameters of the API function are modified to randomize a base address allocated by the memory. Therefore the range of the attacks caused by the overflow of a protection buffer area is further expanded, and the effect is better.

Description

technical field [0001] The invention relates to the communication field, in particular to a buffer overflow attack protection method, device and system. Background technique [0002] Microsoft's next-generation operating system, Windows Vista, is most proud of security in that it uses Address Space Layout Randomization (ASLR, Address Space Layout Randomization) technology to allocate memory, such as Dynamic-link Library (DLL, Dynamic-link Library). ) and executables to ensure that two concurrent instances of the operating system (eg, two identical executables) are loaded at different memory addresses each time. [0003] Windows Vista's ASLR loads system DLLs and executable files in different locations each time the system starts, making it impossible for malware to know the location of the application programming interface (API, Application Programming Interface). Early in the boot process, the memory manager will randomly select one of the 256 64KB addresses in the top 16M...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/00G06F21/52
CPCG06F21/52
Inventor 刘丹顾凌志杨玉奇杜欢白皓文李毅超曹跃何子昂覃丽芳肖武康凯
Owner HUAWEI DIGITAL TECH (CHENGDU) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com