XU Qi-jie,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.16.049

2007-01-01

Abstract:Buffer overflow attack is one of the most threatening attack types and it jeopardizes information security a lot.According to the principle of the attack,this paper generalizes three necessary steps of a buffer overflow attack.It divides the most popular technologies of buffer overflow attack detection into three types in light of detecting the three attack steps,and also analyzes and studies those technologies.

LUO ling,Wang Chengliang

DOI: https://doi.org/10.3969/j.issn.2095-347x.2005.03.006

2005-01-01

Abstract:With the rapid development of Internet, network security is becoming more and more important. Among the increasingly mature technologies used by hackers, buffer overflow is one widely used by hackers to attack computer. If it can be eliminated efficiently, most security problem can be solved. This paper analyzes the principle of buffer overflow, primary intrusion process, intrusion mechanism and protection method in detail, and then produces a PAR-AD algorithm. This algorithm will help to find out buffer overflow intrusion automatically and strengthen the security of network.

Minglei SHANG,Hao HUANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.12.014

2005-01-01

Abstract:The principle of buffer overflow and overflow string are analyzed.Then several typical real-time buffer overflow attacks detectionmethods are analyzed.At last, a real-time buffer overflow attack detection approach based on system calls is presented.This approach adds mandatoryaccess control to original system call function by the means of hijacking system calls.In the way of monitoring illegal system calls,it can detect andprevent various buffer overflow attacks of improving priviledge.

WANG Ye-jun,NI Xi-zhen,WEN Wei-ping,JIANG Jian-chun

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.10.033

2005-01-01

Abstract:The buffer overflow attacks have been the most common form in the network attacks and become a predominant problem in the system and network security area. After the principle of the buffer overflow attack is explained, this paper analyzes the causes leading to the attacks. Then the usual attack types the attackers often exploit are presented. Last, the common measures to defend these attacks and my own idea about the solution of this problem by modifying the compiler and the relevant functions of the system are given.

董敏,毕盛,齐德昱,胡立新

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.23.064

2008-01-01

Abstract:Combining with the principles of the produce to buffer overflow attack,this paper analyzes the structure of buffer overflow attack codes,and describes the Snort rules used for buffer overflow attack inspection.It constructs a state-graph-based analysis model of buffer overflow attack,which has theoretical and practical meaning to buffer overflow attack analysis and prevention.

Si-Hao SHAO,Qing GAO,Sen MA,Fu-Yao DUAN,Xiao MA,Shi-Kun ZHANG,Jin-Hua HU

DOI: https://doi.org/10.13328/j.cnki.jos.005504

2018-01-01

Abstract:First,in this paper,the breadth and risk of buffer overflow vulnerabilities are introduced.Then,from the aspect of how to exploit a buffer overflow vulnerability,an overview is provided on the definition of buffer overflow vulnerabilities,memory organization in operation systems,and classification of buffer overflow attacks.Based on the research,buffer overflow analysis technologies are classified into three categories:automatic detection,automatic repair,and run-time protection.Each types of technologies are introduced,analyzed and discussed according to the classification.Finally,three possible research directions in the field of buffer overflow vulnerability analysis are discussed:(1) analyzing binary code;(2) using machine learning algorithms;(3) combining multiple technologies for analysis.

Wei Jiang

2002-01-01

Abstract:Buffer overflow attacking is a seriously problem in network security. The paper analyses deeply the principle and possible of buffer overflow attacking. At last propose the method to defense buffer overflow attacking in writing programmer.

Tianjie Cao

2009-01-01

Abstract:Buffer overflow attack is often used by hackers,the attacker can get the highest authority of the computer though it ,so it poses a great threat on computer security. This paper analyses the most commonly used methods on buffer overflow defense and presents a new detecting method of buffer overflow attacks based on address confirmation ,starting by analyzing the principle of buffer overflow attacks.

Tao Ye,Lingming Zhang,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/ICST.2016.21

2016-01-01

Abstract:Buffer overflow is one of the most common types of software security vulnerabilities. Although researchers have proposed various static and dynamic techniques for buffer overflow detection, buffer overflow attacks against both legacy and newly-deployed software systems are still quite prevalent. Compared with dynamic detection techniques, static techniques are more systematic and scalable. However, there are few studies on the effectiveness of state-of-the-art static buffer overflow detection techniques. In this paper, we perform an in-depth quantitative and qualitative study on static buffer overflow detection. More specifically, we obtain both the buggy and fixed versions of 100 buffer overflow bugs from 63 real-world projects totalling 28 MLoC (Millions of Lines of Code) based on the reports in Common Vulnerabilities and Exposures (CVE). Then, quantitatively, we apply Fortify, Checkmarx, and Splint to all the buggy versions to investigate their false negatives, and also apply them to all the fixed versions to investigate their false positives. We also qualitatively investigate the causes for the false-negatives and false-positives of studied techniques to guide the design and implementation of more advanced buffer overflow detection techniques. Finally, we also categorized the patterns of manual buffer overflow repair actions to guide automated repair techniques for buffer overflow. The experiment data is available at http://bo-study.github.io/Buffer-Overflow-Cases/.

刘磊,王轶骏,薛质

DOI: https://doi.org/10.3969/j.issn.1009-8054.2012.06.032

2012-01-01

Abstract:Heap Spray, as a very popular vulnerability-exploiting technology in recent years, is widely-used in the attacks against the browser. This technology greatly reduces the difficulty in address jump after the buffer overflow and significantly improves the success rate of buffer overflow attacks. This paper, through analysis on the principle of Heap Spray technology, gives some technical details. Then the existing detection technologies are divided into three types, including detection based on string, detection based on memory protection, and detection based on system call. And these detections are expounded with some typical examples.

WANG Qing,LIU Jia-yong,HU Yong

DOI: https://doi.org/10.3969/j.issn.1671-1742.2007.01.007

2007-01-01

Abstract:The current network attack technology is introduced.Its classification and realization is analyzed.The method to scan the overflow vulnerability is studied and the overflow vulnerability pnp is realized under the Windows 2000.

罗鸿彦,薛质

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.08.054

2008-01-01

Abstract:Buffer overflow attack is one of the most widely used ways by hacker on internet. This paper begin with the memory management mechanism of Linux system, explains the method of function call on Linux, discusses how the buffer overflow is caused on Linux, and illustrates the whole course of the generation of buffer overflow, then analyzes with examples the ways to use the buffer overflow.

ZHENG Ran,LI Zhan-huai,WANG Yan-long

2007-01-01

Journal of Computer Applications

Abstract:On the basis of the database system and data disaster tolerance system,a bitmap-based log overflow protection mechanism was designed due to the problem of the size limitation in the current log technology.We discussed the implementation of the mechanism from data consistent and atomic operation,and analyzed the superiority of the mechanism compared with traditional log technology.It's proved by the prototype that the mechanism effectively resolves the log overflow problem due to network congestion and sudden increment of I/O requests,thus data replication can be guaranteed.

马一楠,张立和

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.17.050

2010-01-01

Abstract:In this paper,the main buffer overflow protection mechanism is summarized under the current Windows platform,and the method and technologies about bypassing these protection mechanisms are studied,which can increase the success rate of vulnerabilities analysis and use,and guide to improve the security of the operating system.The paper describes the development of the current main technologies on bypassing the buffer overflow protection mechanisms.The principles and methods about bypassing stack overflow protection,heap overflow protection Data Execution Prevention(DEP) are all given.Effectiveness of the methods of bypassing DEP is verified through an experiment.

Zm Gu,Jd Yao,J Qin

2002-01-01

Abstract:In order to attack and obtain the remote root privilege, buffer overflow and suid program have become a common method for hackers. In this paper, the attacking principles using buffer overflow on Linux have been analyzed, and the corresponding protection strategies have been given too.

REN Gao-ming,QIAO Xiang-dong,YANG Tong,BAI Jun-liang

DOI: https://doi.org/10.16208/j.issn1000-7024.2011.09.060

2011-01-01

Abstract:To verify whether WehnTrust have the expected detection and prevention function of buffer overflow attacks,experiments are designed to test it.First,the source code of the intrusion prevention system is analyzed and debugged.On this basis,five experiments are presented to simulate buffer overflow attack;and,aiming at the features of WehnTrust,experimental environment is built to simulate attacked test of the C++ virtual function,structured exception handing attack and format string attack.By analyzing and summarizing the experimental results,it is indicated that WehnTrust are not fully capable of intrusion prevention of the developers claimed.

XIA Jian-jun,SUN Le-chang,LIU Jing-ju,ZHANG Min,CAI Ming

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.09.095

2011-01-01

Abstract:Buffer overflow(BOF) is always one of the most dangerous vulnerabilities to computer security.This paper proposed multi-dimentional Fuzzing of buffer overflow(MFBOF),which was based on multi-dimentional Fuzzing technology,combined the structure knowledge of target's input,static binary code analysis and dynamic I/O analysis technique,generated test cases using adaptive simulated annealing genetic algorithm.The results of testing Libpng validate that MFBOF is effective.At last,this paper gave its further improvement directions.

Yi XIN,Bin-xing FANG,Xiao-chun YUN

DOI: https://doi.org/10.3321/j.issn:0367-6234.2007.09.022

2007-01-01

Abstract:After the analysis of the principles and methods of buffer overflow, we presented a new approach that is Code Execution Simulation (CES) to detect network remote buffer overflow. This approach was based on the calculation of the maximum executive length in packets by code execution simulation. The experiment result shows that this approach is effective and quick to detect classical network buffer overflow as well as poly-mephic shellcode.

Wenbing XIE,Xiaodong MA,Zhongsheng LI,Xiamu NIU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1407-0160

2016-01-01

Abstract:Due to the lack of boundary checking mechanism, buffer overflow is one of the most serious attacks against C/C++programs. This paper presents a runtime countermeasure for buffer overflow attack. Through duplicating the control flow information with array which declared in the dynamic link libraries, including the return address and the frame pointer of each function, illegal overwriting can be detected dynamically. This method can both detect direct and indirect attack in the buffer overflow attack. Experiments based on the RIPE testbed and two practical tests as well as theoretical analysis show the effectiveness of this method.

JIANG Liang,WANG Yong-jie,XIAN Ming,XIAO Shun-ping

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.11.044

2007-01-01

Abstract:Buffer overflow vulnerability is one of the most common security flaws in software system.Though various protective measures have greatly increased the difficulty of exploitation of buffer overflow,but they don't solve the problem fundamentally.From the perspective of the attackers,the technological developments of exploitation of buffer overflow in recent years were introduced,detailed description and analysis was presented about how shellcode broken through those protective measures.