Instruction modification virtual platform execution method for kernel stack overflow defense

Abstract

The invention provides an instruction modification virtual platform execution method for kernel stack overflow defense, and belongs to the field of computer security. The method comprises the following steps: establishing a backup stack, an address mapping table and a thread ID index table; with the jump instruction as a segmentation point, obtaining an instruction fragment from the first address,and inserting a first control instruction and a second control instruction; if the instruction fragment has a cal instruction and a let instruction, a third control instruction and a fourth control instruction need to be inserted; independently storing the third instruction fragment, and storing the first address and the second address into an address mapping table; and judging whether a stack overflow attack occurs or not, and if the stack overflow attack occurs, performing stack overflow defense by the virtual platform. According to the invention, the computer runtime instruction can be analyzed in real time, and the call instruction and the let instruction can be monitored. The invention aims to solve the problems of system crash and data loss which may be caused by a stack overflow attack occurring in a computer terminal, and even the risk that the computer terminal is controlled.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a method for modifying a virtual platform by instructions facing kernel stack overflow defense. Background technique [0002] Computers have become widely used information processing tools in various fields. However, with the advent of the Internet age and the increasing influence of the Internet on society, computer viruses, malicious codes, and network attacks that exploit system vulnerabilities are disseminated through the Internet. threaten the security of the computer. Buffer overflow is a means of exploiting system vulnerabilities to attack computers. By writing data exceeding its defined length into the buffer of the program, the data in the adjacent storage unit of the buffer is overwritten, and the stack of the program is destroyed. And then force the program to execute the shellcode defined by the attacker. After 2000, the popularization and application of Windows ser...

AI Technical Summary

Problems solved by technology

Stack overflow attacks may cause problems such as program failures, system crashes, and network paralysis. In more serious cases, attackers can gain partial or full control of a host or server through stack overflow attacks

In addition, stack overflow attacks widely exist in various operating systems and application software, and the attack methods are diversified. Therefore, there are many difficulties in fundamentally solving the problem of stack overflow detection and defense.

[0004] To sum up, although researchers have done a lot of research work on stack overflow detection and defense, stack overflow attacks are still rampant

In view of the shortcomings of the current defense technology, such as singleness and low practicability, it is of great scientific theoretical value and practical application significance to study the stack overflow detection defense technology with wide application and strong practicability to improve the security of computer systems

Images