[1]彭贺峰 何丰.针对非控制数据的缓冲区溢出保护程序[J].计算机技术与发展,2011,(12):167-171.
 PENG He-feng,HE Feng.Protection Program of Buffer Overflow for Non-Control Data[J].,2011,(12):167-171.
点击复制

针对非控制数据的缓冲区溢出保护程序()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
期数:
2011年12期
页码:
167-171
栏目:
安全与防范
出版日期:
1900-01-01

文章信息/Info

Title:
Protection Program of Buffer Overflow for Non-Control Data
文章编号:
1673-629X(2011)12-0167-05
作者:
彭贺峰 何丰
北方民族大学计算机科学与工程学院
Author(s):
PENG He-feng HE Feng
School of Computer Science and Engineering, The North University for Ethnics
关键词:
缓冲区溢出非控制数据控制数据
Keywords:
buffer overflow non-control data control data
分类号:
TP309
文献标志码:
A
摘要:
已有的检测缓冲区溢出漏洞的方法有静态的也有动态的。静态分析在软件运行前,析其源代码,找出可能存在的漏洞;动态方法在运行时对可能存在漏洞的软件行为进行监视,发现异常后,进行判断,然后做出适当处理。在分析了传统缓冲区溢出方法的基础上,依据缓冲区溢出攻击的发展趋势,针对非控制数据的缓冲区溢出攻击,提出了一种主要针对非控制数据缓冲区溢出攻击的测试方法,使用变量标识来测试是否发生了缓冲区溢出攻击。这种方法综合了静态和动态分析的优点,能够有效地防御缓冲区溢出攻击
Abstract:
The existing method of detecting buffer overflow vulnerabilities,is static and dynamic. Static analysis before running the soft- ware is to analyze the source code,to identify possible vulnerabilities ;Dynamic method monitors software behavior at run time and found that exception may be vulnerable, to judge the results and then make the appropriate treatment. It analyzes the traditional method of buffer overflow,according to the trend of buffer overflow attacks,presents a test method that aims at against the non-control data buffer overflow attack,use variables identified to test whether there has been buffer overflow attacks. This method combines the advantages of static analysis and dynamic analysis, can be an effective mechanism against buffer overflow attacks

相似文献/References:

[1]史岩 李蜀瑜 丘征 陈长胜.CoSy C语言编译器程序缓冲区溢出研究[J].计算机技术与发展,2012,(06):93.
 SHI Yah,LI Shu-yu,QIU Zheng,et al.Research on Procedure Buffer Overflow of a CoSy C Compiler[J].,2012,(12):93.

备注/Memo

备注/Memo:
国家自然科学基金(71061001/G011201)彭贺峰(1977-),男,河南人,硕士研究生,研究方向为数据挖掘;何丰,教授,主要从事语义web和数据挖掘的研究
更新日期/Last Update: 1900-01-01