Detection and Prevention System for Buffer Overflow Attacks: Software Engineering Thesis

  • About 59,900 characters
  • About 66 pages
  • Published 2019-05-03 in Shanghai


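Chinese Abstract

As the scale and complexity of real-world problems grow, software keeps growing in size and complexity, which has led to an endless stream of buffer overflow defects and vulnerabilities. In this networked information age, these vulnerabilities allow buffer overflow attacks to spread very easily and greatly threaten system security.

If effective means and methods can be used to defend against this kind of attack, it will be of great significance for improving the robustness and security of the software itself.

This thesis analyzes the main techniques of buffer overflow attacks. After studying some of the main current tools and methods for defending against buffer overflows, it finds that these methods, such as StackGuard and StackShield, still have shortcomings:

1. To ensure that buffers do not overflow, checks must be performed frequently, which affects CPU efficiency to some extent.
2. Source code is required, and the original program must be recompiled with a special compiler.

To address these shortcomings and meet practical needs, this thesis uses injection and hooking of system APIs to prevent the CPU from running malicious code. That is, rather than preventing the buffer from overflowing, it prohibits the execution of malicious code, and in this way defends against buffer overflow attacks. This approach:

First, improves CPU efficiency to some extent.
Second, can also protect existing systems, so that much commercial code does not need to be recompiled.

This thesis also improves the security of the original hooking method, to prevent attackers from evading detection by other means, which improves the security of the system. The final result is a secure, easy-to-use, fast and stable system for preventing buffer overflow attacks.

Keywords: buffer overflow attack, hooking, operating system API

ABSTRACT

With the increasing scale and complexity of real-world problems, software is becoming ever larger and more complex, which leads to buffer overflow flaws and bugs in a large number of programs. Undoubtedly, in this networked information era, these bugs make buffer overflow attacks very easy to propagate, which greatly threatens system security.

If effective means and methods could be adopted to guard against this specific attack, it would be of great significance to the security of the software system.

In this thesis, the main ways and means of the buffer overflow attack are analyzed. After studying some of the current tools and methods of detecting buffer overflows, some shortcomings were found in these methods, such as StackGuard and StackShield. Firstly, to ensure that there are no buffer overflows, checks must be performed so frequently that CPU efficiency is affected to a certain degree. Secondly, the source code of the program is required, so that the program can be recompiled with a specialized compiler.

In order to remove the deficiencies of the current methods and meet actual needs, other methods, injecting code and hooking operating system APIs, have been adopted to for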
