Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Instruction modification virtual platform execution method for kernel stack overflow defense

A virtual platform and instruction modification technology, which is applied in the field of computer security, can solve problems such as the proliferation of stack overflow attacks, single defense technology, and program operation failure, and achieve the effects of reducing reuse, saving memory resources, and improving security

Pending Publication Date: 2019-04-16
HARBIN ENG UNIV
View PDF3 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Stack overflow attacks may cause problems such as program failures, system crashes, and network paralysis. In more serious cases, attackers can gain partial or full control of a host or server through stack overflow attacks
In addition, stack overflow attacks widely exist in various operating systems and application software, and the attack methods are diversified. Therefore, there are many difficulties in fundamentally solving the problem of stack overflow detection and defense.
[0004] To sum up, although researchers have done a lot of research work on stack overflow detection and defense, stack overflow attacks are still rampant
In view of the shortcomings of the current defense technology, such as singleness and low practicability, it is of great scientific theoretical value and practical application significance to study the stack overflow detection defense technology with wide application and strong practicability to improve the security of computer systems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Instruction modification virtual platform execution method for kernel stack overflow defense
  • Instruction modification virtual platform execution method for kernel stack overflow defense
  • Instruction modification virtual platform execution method for kernel stack overflow defense

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The present invention will be further described below with examples in conjunction with the accompanying drawings.

[0036] figure 1 with figure 2 It is a flowchart and a comparison sub-flowchart of an instruction modification virtual platform execution method oriented to kernel stack overflow defense provided by an embodiment of the present invention. The present invention is applied to the kernel stack overflow detection in Windows system, comprises the following steps:

[0037]Step 1. The virtual platform is loaded when the computer terminal is started. The initialization of the virtual platform includes obtaining the program entry address, initializing the backup stack and initializing the address mapping table. The program entry address is the first address, and the address mapping table is the first address and the second address stored in the form of address pairs in the storage space. The backup stack is to back up the push instruction in the original progra...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an instruction modification virtual platform execution method for kernel stack overflow defense, and belongs to the field of computer security. The method comprises the following steps: establishing a backup stack, an address mapping table and a thread ID index table; with the jump instruction as a segmentation point, obtaining an instruction fragment from the first address,and inserting a first control instruction and a second control instruction; if the instruction fragment has a cal instruction and a let instruction, a third control instruction and a fourth control instruction need to be inserted; independently storing the third instruction fragment, and storing the first address and the second address into an address mapping table; and judging whether a stack overflow attack occurs or not, and if the stack overflow attack occurs, performing stack overflow defense by the virtual platform. According to the invention, the computer runtime instruction can be analyzed in real time, and the call instruction and the let instruction can be monitored. The invention aims to solve the problems of system crash and data loss which may be caused by a stack overflow attack occurring in a computer terminal, and even the risk that the computer terminal is controlled.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a method for modifying a virtual platform by instructions facing kernel stack overflow defense. Background technique [0002] Computers have become widely used information processing tools in various fields. However, with the advent of the Internet age and the increasing influence of the Internet on society, computer viruses, malicious codes, and network attacks that exploit system vulnerabilities are disseminated through the Internet. threaten the security of the computer. Buffer overflow is a means of exploiting system vulnerabilities to attack computers. By writing data exceeding its defined length into the buffer of the program, the data in the adjacent storage unit of the buffer is overwritten, and the stack of the program is destroyed. And then force the program to execute the shellcode defined by the attacker. After 2000, the popularization and application of Windows ser...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/52G06F21/56G06F9/455
CPCG06F9/45558G06F21/52G06F21/56G06F2009/45583
Inventor 薛迪李静梅吴伟飞田乔汪家祥
Owner HARBIN ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com