基于动态二进制探测框架的缓冲区溢出检测分析-analysis of buffer overflow detection based on dynamic binary detection framework.docxVIP

上海交通大学硕士学位论文 摘 要 - II - 判定三个步骤。它能够检测出各种类型的缓冲区溢出攻击，具有普适 性。 本研究以动态二进制探测方法和污点分析方法为指导，在动态二 进制翻译系统 Crossbit 基础上构建了动态二进制探测框架 CrossIF， 并在此基础上实现了防御缓冲 区溢出的动态二进制探测工 具 BufferSafeTy。通过实例验证 BufferSafeTy 的功能，可以得出这样 的结论：综合动态二进制探测方法和污点分析方法的缓冲区溢出防御 工具，能够在只有二进制代码的情况下，防御各种类型的缓冲区溢出 的攻击行为，弥补了现有缓冲区溢出防御工具的不足。 关键字：缓冲区溢出检测，动态二进制探测，污点分析，CrossIF， BufferSafeTy 上海交通大学硕士学位论文 ABSTRACT - III - BUFFER OVERFLOW DETECTION BASED ON DYNAMIC BINARY INSTRUMENTATION FRAMEWORK ABSTRACT Buffer overflow is the most common bugs in program. The number of buffer overflow attacks was increasing during the last two decades, bringing users great loss. Accordingly, the research on buffer overflow detection and defense of buffer overflow attack are more and more popular. There are lots of buffer overflow detection tools at present. Because of the detection method, almost of these tools have two limitations. First, they need the source code. And second, they can only detect specific buffer overflow bugs. This paper presents a method combining dynamic binary instrumentation and taint analysis to defense buffer overflow attacks. Dynamic binary instrumentation is a method which adds instrumentation code to original binary code to collect program behavior information. It doesn’t need the existence of source code and is compatible with commercial software and legacy code. For better efficiency, most dynamic binary instrumentation tools are developed -  PAGE 7 - based on dynamic binary instrumentation framework. Taint analysis is a method marking the data in program as two categories, which are tainted and clean. It also manages the taint attribute during program execution. Once the taint data are used in illegal ways it asserts a potential attack. It can detect many kinds of buffer overflow attacks. This paper describes a dynamic binary instrumentation framework, CrossIF, which build on Crossbit, and a dynamic binary instrumentation tool, BufferSafeTy, for detecting buffer overflow attacks. BufferSafeTy was de