Stack buffer overflow attack defense method and system based on dynamic shadow stack

A buffer overflow and shadow stack technology, applied in transmission systems, digital transmission systems, and the input/output process of data processing, etc., can solve problems such as tampering, and achieve the effect of improving security and increasing attack difficulty.

Pending Publication Date: 2022-03-29
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Take ParallelShadow Stack as an example: As an important implementation method of the shadow stack, the position of the parallel shadow stack is separated from the normal stack by a fixed offset. When the address of the normal stack is leaked, the position of the shadow stack is also exposed, which exists like the return address Possibility of being tampered with by an attacker

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Stack buffer overflow attack defense method and system based on dynamic shadow stack
  • Stack buffer overflow attack defense method and system based on dynamic shadow stack
  • Stack buffer overflow attack defense method and system based on dynamic shadow stack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0040] In order to facilitate understanding of the present invention, at first following three nouns are explained as follows:

[0041] 1. LFSR: A linear feedback shift register (LFSR) refers to a shift register that, given the output of the previous state, reuses the linear function of the output as an input. The XOR operation is the most common single-bit linear function: some bits of the register are XORed as input, and then the bits in the register are shi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical field of stack buffer overflow attack defense, and particularly relates to a stack buffer overflow attack defense method and system based on a dynamic shadow stack, and the method comprises the steps: applying for a large enough storage space in a process address space for storing shadow stack contents; dividing the content of the shadow stack into a plurality of shares for scattered storage by adopting a secret sharing method; a random number stream is generated based on a random factor generated by software and a shift feedback register, a storage address of a shadow stack which changes randomly is generated during each time of function calling, namely, a storage address of shares of the shadow stack which changes randomly is generated, and the shares are stored in specified positions of a storage space in a scattered mode. According to the method, dual protection of the shadow stack is achieved mainly through shadow stack content scattered storage and shadow stack address randomization, the attack difficulty is greatly increased, and therefore the security of the shadow stack is improved.

Description

technical field [0001] The invention belongs to the technical field of stack buffer overflow attack defense, in particular to a stack buffer overflow attack defense method and system based on a dynamic shadow stack. Background technique [0002] Since stack buffer overflow attacks need to overwrite the contents of the stack, the direct method to detect stack buffer overflow attacks is to check whether the contents of the stack have been tampered with, and the representative method is StackGuard. This method is to implant a piece of special data in the stack as a "sentinel", and the "sentinel" is located between the attack occurrence point and the storage location of the return address. In this way, when the attacker overwrites the contents of the stack by continuously injecting illegal data, the "sentinel" will also be overwritten. Therefore, by checking whether the "sentinel" has been tampered with, it is possible to obtain whether the return address has been tampered with...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/64H04L9/08G06F3/06
CPCG06F21/64H04L9/085H04L9/0869G06F3/062
Inventor 周洪伟柯志鹏张玉臣汪永伟李福林黄晓捷郭睿超李升升
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap