Overflow attack defense method and system based on stack randomization

A randomization and random number technology, applied in the direction of platform integrity maintenance, etc., can solve problems such as no return address processing, performance loss, etc., and achieve the effect of good application prospects

Pending Publication Date: 2022-03-25
ZHONGYUAN ENGINEERING COLLEGE
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For example, the shadow stack strategy: Some shadow stacks still have a certain address mapping relationship with the return address, so the attacker can continue to overwrite the return address in the shadow stack after overwriting the return address. At the same time,

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Overflow attack defense method and system based on stack randomization
  • Overflow attack defense method and system based on stack randomization
  • Overflow attack defense method and system based on stack randomization

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0033] The stack buffer overflow attack is to continuously write data into the stack, thereby overwriting the return address, so that the software control flow changes. The key to the success of a stack buffer overflow attack is that the attacker can accurately determine the location of the return address. In a real attack scenario, once an attacker finds that the software has a stack buffer overflow attack vulnerability, he can often determine the location of the return address through a limited number of tests. An embodiment of the present invention provides a method for defending against overflow attacks based on stack randomization, see figure 1 As shown, it contains the following content:

[0034] S101, the ran...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical field of computer security, and particularly relates to an overflow attack defense method and system based on stack randomization, and the method comprises the steps: a random seed generator generates a random seed according to a control parameter provided by a service routine; the random number generator generates a random number for representing a relative distance between a return address and a data overflow point according to the random seed; determining the length of a data fragment used for randomly and dynamically inserting a return address according to the random number, inserting the data fragment with the length determined by the random number into the return address, and generating an embedded component content for randomizing the return address; the content of the embedded component is recompiled through a compiler to generate programs with the same function and added with a security mechanism, and in the security mechanism, the position of a return address in a stack is randomly uncertain when program function calling occurs through return address randomization processing, so that the overflow attack difficulty of a stack buffer area is increased; return address integrity detection and other work are avoided, and the overall efficiency of return address protection is improved.

Description

technical field [0001] The invention belongs to the technical field of computer security, in particular to a stack randomization-based overflow attack defense method and system. Background technique [0002] The stack buffer overflow attack is to continuously write data into the stack, thereby overwriting the return address, so that the software control flow changes. The key to the success of a stack buffer overflow attack is that the attacker can accurately determine the location of the return address. In a real attack scenario, once an attacker finds that the software has a stack buffer overflow attack vulnerability, he can often determine the location of the return address through a limited number of tests. For stack buffer overflow attacks, the most classic defense method is StackGuard. To put it simply, StackGuard inserts a flag word into the stack as a "sentinel". When an attacker tampers with the return address by continuously injecting illegal addresses, the "senti...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/52
CPCG06F21/52
Inventor 原锦辉周洪伟单芳芳文坤
Owner ZHONGYUAN ENGINEERING COLLEGE
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap