Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Protection method and system for preventing stack overflow attack

A stack overflow and system protection technology, applied in platform integrity maintenance, program control design, instruments, etc., can solve problems such as high consumption, segmentation fault, and large amount of computation, and achieve the effect of preventing overflow attacks.

Pending Publication Date: 2021-06-11
BEIJING XUEZHITU NETWORK TECH
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The second is random value filling. The canary value is randomly generated when the program is initialized, and then this value is saved in a memory page that is not mapped into the virtual address space. When the attacker tries to access the memory that holds the random number through a pointer segfault
[0007] The existing technology has the following disadvantages: the first method of generating canary value uses fixed characters to fill the position of the canary word which is easy to be detected by the attacker. If the filling area is skipped and the subsequent data is directly modified, the protection method will be invalid; The second method of generating canary value will generate a random number padding, but this random number will be saved in the function stack, the attacker still has a chance to obtain the value of the function; the third method is to calculate a random number and all Although the method of controlling information and returning address values ​​can detect all control information and modifying return addresses, it involves a lot of calculations and consumes a lot

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Protection method and system for preventing stack overflow attack
  • Protection method and system for preventing stack overflow attack
  • Protection method and system for preventing stack overflow attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] In order to overcome the defects in the existing technical solutions, the present invention provides a protection method for preventing stack overflow attacks, combining the advantages of the three canary value generation methods, and solving the problem of attackers bypassing the canaryword to modify the return value under the condition of reducing the amount of calculation The problem. This enhances stack protection.

[0061] In order to solve the problem that the attacker bypasses the canary word and directly modifies the return value, a protection method against stack overflow attacks is proposed. The main idea of ​​this method is: combining the advantages of the three canary value generation methods in the prior art, the canary word is generated by concatenating fixed values ​​including NULL, CR, LF and other characters plus random values, and at the same time, before and after the function that needs to be protected Add a piece of code each. The code at the begin...

Embodiment 2

[0070] Please refer to image 3 , image 3 It is a schematic structural diagram of the protection system for preventing stack overflow attacks of the present invention. Such as image 3 Shown is a protection system for preventing stack overflow attacks of the present invention, including:

[0071] Constructing a canary value module, the constructing canary value module constructs any canary value when a function call occurs;

[0072] Inserting a module, the inserting module inserts the canary value into the called sub-function stack space for data filling;

[0073] A recording module, the recording module adds a code before and after the called sub-function, respectively calculates the XOR result of the canary value and the return value by two described codes;

[0074] A comparison module, the comparison module compares the XOR results of the two canary values ​​and the return value;

[0075] In the output module, if the XOR results are equal, the function jumps normally ...

Embodiment 3

[0081] combine Figure 4 As shown, this embodiment discloses a specific implementation manner of a computer device. The computer device may comprise a processor 81 and a memory 82 storing computer program instructions.

[0082] Specifically, the processor 81 may include a central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC for short), or may be configured to implement one or more integrated circuits in the embodiments of the present application.

[0083]Among them, the memory 82 may include mass storage for data or instructions. For example without limitation, the memory 82 may include a hard disk drive (Hard Disk Drive, referred to as HDD), a floppy disk drive, a solid state drive (SolidState Drive, referred to as SSD), flash memory, optical disk, magneto-optical disk, magnetic tape or universal serial bus (Universal Serial Bus, referred to as USB) drive or a combination of two or more of the above. Storage 82 may comprise removable or non-re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a protection method and system for preventing a stack overflow attack, and the method comprises the steps of constructing a canary value: constructing any canary value when a function call occurs; an insertion step: inserting the canary value into the called sub-function stack space for data filling; a recording step: adding a code in front of and behind the called sub-function respectively, and calculating an XOR result of the canary value and the return value respectively through the two codes; a comparison step: comparing the XOR results of the two canary values and the return value; an output step: if the XOR results are equal, returning the function jumps normally and a jump result; and if the XOR results are not equal, stopping program jump. According to the invention, the attack behavior that the return address is directly modified by bypassing the canary value can be detected under the condition that the calculation amount is as small as possible.

Description

technical field [0001] The invention belongs to the field of protection against stack overflow attacks, in particular to a protection method and system for preventing stack overflow attacks. Background technique [0002] In modern operating systems, applications are often difficult to achieve perfection, coupled with the limitations of programming languages, resulting in the emergence of various program vulnerabilities. Buffer overflow attack represented by stack overflow has become the most common security hole. Using it can destroy the normal execution process of the program, and more seriously, it can allow attackers to obtain system permissions through ordinary users to perform illegal operations on sensitive data, posing a great threat to the system environment. When an attacker exploits a stack overflow vulnerability, he usually destroys the current function stack. For example, the most common attack method is that the attacker uses the strcpy() function not to check...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/52G06F9/448
CPCG06F21/52G06F9/4482
Inventor 朱黎刘远郭镔
Owner BEIJING XUEZHITU NETWORK TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com