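Analysis of an SSP Security Defect Based on Canary Reuse
Published: 2018-03-07 05:36
Topic: stack protection mechanism. Entry point: Canary reuse. Source: Journal of Beijing University of Posts and Telecommunications (《北京邮电大学学报》), 2017, Issue S1. Paper type: journal article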
[Abstract]: The stack protection mechanism (SSP) is the most effective security mechanism for mitigating attacks on stack buffer overflow vulnerabilities. It relies on a system-generated random number to ensure that the stack has not been modified. Current techniques for bypassing SSP are mainly based on brute force. This paper therefore reveals a security defect model that can leak the random number: because the operating system does not clear dead stack frames in time, the random number may remain in invalid space. The bypass method that exploits this property is called Canary reuse. Experiments verify the exploitability and stability of this security defect, and on that basis two effective solutions are proposed.
[Author affiliation]: Jiangnan Institute of Computing Technology
[Classification number]: TP309
Article ID: 1578179
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/1578179.html