Fault-tolerant method of software stack buffer overflow

A stack buffer overflow fault-tolerance technique, applied in the field of computer security, that addresses the high false negative rate, the lack of fault tolerance for stack buffer overflows, and the strong preconditions of existing approaches, and achieves high flexibility.

Inactive Publication Date: 2014-06-04
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0003] However, the above methods still have major deficiencies in dealing with stack buffer overflow. Static detection methods suffer from high false positive and high false negative rates. The dynamic protection schemes can only prevent a stack buffer overflow from being used to execute unauthorized code: they guarantee security only, provide no fault tolerance for the overflow itself, and cannot guarantee the correctness and reliability of program execution. In addition, in terms of implementation, the above methods require strong conditions: the source code of the program must be available and must be recompiled with a modified compiler.

Embodiment Construction

[0016] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0017] As shown in Figure 1, the method of the invention comprises the following steps:

[0018] (1) Obtain the target program to be given fault-tolerant protection;

[0019] (2) Perform object code analysis or debugging information analysis on the binary executable file of the target program to identify the set F of functions in the target program and the set I of stack buffer information in the functions. $F=\{f_1, f_2, \ldots, f_n\}$, where $n$ is the number of functions contained in the target program and $f_i$ represents a function. The information set of the buffers contained in $f_i$ is defined as $B_i=\{b_1, b_2, \ldots, b_m\}$, where $b_j$ represents information about a stack buffer. $b_j$ is a two-tuple $\{b_j.o, b_j.l\}$, where $b_j.o$ is the starting offset address of the stack buffer and $b_j.l$ is the length of the stack buffer, a collection of stack buffer ...

Abstract

The invention provides a fault-tolerant method for software stack buffer overflow, comprising the following steps: obtaining the target program to be given fault-tolerant protection; parsing the binary executable file of the target program to identify the functions in the target program and the stack buffer information in those functions; attaching a dynamic instrumentation tool to all threads of the target program; using the dynamic instrumentation tool to intercept function calls and function returns; determining whether an intercepted event is a call of a function of the target program and, if so, using the dynamic instrumentation tool to intercept the initialization of the stack buffer and allocating a heap buffer in the heap space of the target program so that the heap buffer is mapped to the stack buffer; saving the mapping relationship between the stack buffer and the heap buffer in a mapping table, the mapping relationship comprising the stack buffer information and the heap buffer information; and using the dynamic instrumentation tool to intercept all memory access operations to obtain their virtual effective addresses. The method achieves fault tolerance for stack buffer overflow.
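The mapping table described in the abstract, modelled as a small C sketch; this is an added example, not code from the patent, and it simulates the intercepted events as plain function calls rather than using a real instrumentation tool. The names on_call, on_return and translate, the SLACK factor, and the policy of redirecting accesses just past a stack buffer into the heap buffer's spare space are assumptions; the page does not state how the heap buffer is sized or what is done with the effective address.

```c
#include <stdint.h>
#include <stdlib.h>

/* b_j from the description: starting offset o and length l of a stack buffer. */
struct buf_info { long o; size_t l; };

/* Mapping-table row: stack buffer information plus heap buffer information. */
struct mapping {
    uintptr_t stack_start;   /* frame base + b_j.o for this call */
    size_t stack_len;        /* b_j.l */
    unsigned char *heap;     /* heap buffer mapped to the stack buffer */
    size_t heap_len;         /* assumption: SLACK * b_j.l */
};

#define MAX_MAP 64
#define SLACK 4              /* assumption, not a value from the page */
static struct mapping table[MAX_MAP];
static size_t n_map;

/* Intercepted call of a target function f_i with buffer set B_i (m entries). */
int on_call(uintptr_t frame_base, const struct buf_info *B, size_t m) {
    for (size_t j = 0; j < m; j++) {
        if (n_map == MAX_MAP) return -1;
        struct mapping *e = &table[n_map];
        e->stack_start = frame_base + (uintptr_t)B[j].o;
        e->stack_len = B[j].l;
        e->heap_len = B[j].l * SLACK;
        e->heap = calloc(e->heap_len, 1);
        if (!e->heap) return -1;
        n_map++;
    }
    return 0;
}

/* Intercepted return: release the m rows created for that call. */
void on_return(size_t m) {
    while (m-- > 0 && n_map > 0) free(table[--n_map].heap);
}

/* Intercepted memory access: map an effective address to its heap location.
   Pass 0 matches inside a stack buffer; pass 1 matches the overflow slack. */
unsigned char *translate(uintptr_t ea) {
    for (int pass = 0; pass < 2; pass++)
        for (size_t i = n_map; i-- > 0;) {
            const struct mapping *e = &table[i];
            size_t lim = pass ? e->heap_len : e->stack_len;
            if (ea >= e->stack_start && ea - e->stack_start < lim)
                return e->heap + (ea - e->stack_start);
        }
    return NULL;             /* not a mapped buffer: access proceeds unchanged */
}
```

Matching on the effective address alone cannot tell an overflow of one buffer from a legitimate access to a neighbouring mapped buffer, which is why the sketch checks exact containment before the slack region.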

Description

Technical field

[0001] The invention belongs to the field of computer security, and in particular relates to a fault-tolerant method for software stack buffer overflow.

Background

[0002] Currently, there are some solutions to the stack buffer overflow problem that prevent the execution of unauthorized code through a stack buffer overflow. They fall mainly into two types: static detection and dynamic protection. Static detection methods mainly include detection based on source code and detection based on object code. ITS, Splint and MOPS are three representative tools of static analysis methods. This class of methods identifies partial buffer overflows, format string overflows, and race condition vulnerabilities in filesystems related to vulnerable library functions. Dynamic protection refers to dynamic defense while the program is running, to prevent the attacker from modifying the function return address into malicious code and running it ...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F11/14, G06F9/45
Inventor: 金海, 邹德清, 郑伟德, 陈刚, 羌卫中
Owner: HUAZHONG UNIV OF SCI & TECH