构件栈缓冲区溢出漏洞检测系统的设计与实现

J4 ›› 2011, Vol. 46 ›› Issue (9): 43-47.

• SEWM 2011 会议 • 上一篇下一篇

构件栈缓冲区溢出漏洞检测系统的设计与实现

陈锦富¹,张超^2,卢炎生²,王环环¹

1.江苏大学计算机科学与通信工程学院, 江苏镇江 212013;
2.华中科技大学计算机科学与技术学院, 湖北武汉 430074

收稿日期:2010-05-19 出版日期:2011-09-20 发布日期:2011-09-08
作者简介:陈锦富(1978- ),男,讲师,博士,研究方向为软件测试、数据库系统. Email: jinfuchen@ujs.edu.cn
基金资助:
国家自然科学基金项目(61063013);教育部博士点专项基金项目(20103227120005);江苏大学高级人才启动基金项目(09JDG047)

Design and implementation of component stack overflow vulnerability detection system

CHEN Jin-fu^1,2, ZHANG Chao², LU Yan-sheng², WANG Huan-huan¹

1. School of Computer Science and Telecommunication Engineering, Jiangsu University,
Zhenjiang 212013, Jiangsu, China; 2. School of Computer Science and Technology,
Huazhong University of Science and Technology,Wuhan 430074, Hubei, China

Received:2010-05-19 Online:2011-09-20 Published:2011-09-08

摘要/Abstract

摘要：

随着COM构件技术的广泛使用,COM构件暴露出越来越多的缓冲区溢出安全漏洞。为进一步提高COM构件的安全性,本文设计实现了COM构件栈缓冲区溢出漏洞检测系统CSDS(component stack-overflow detecting system),并在其中实现了一个栈溢出检测算法。CSDS主要有接口分析、函数定位、栈溢出静态分析和结果输出4个模块,接口分析模块分析被测COM构件得到构件的对象、接口及函数的详细信息;函数定位模块获取构件中用户编写的函数在该构件对应的汇编代码中的线性地址;栈溢出静态分析模块使用提出的栈溢出检测算法生成COM构件汇编代码及分析栈溢出漏洞;结果输出模块将检测结果用XML的形式表示出来。所实现的原型系统CSDS对COM构件栈缓冲区溢出漏洞具有一定的检测效果。

关键词: COM构件; 缓冲区溢出漏洞; 静态分析; 危险函数

Abstract:

Problems with buffer overflow security exposed by the COM component are more and more with the COM component technology widely used. The system CSDS (component stack overflow detecting system), which can detect buffer-overflow vulnerability of COM component, is designed and implemented in this paper. The CSDS system contains four modules, such as interface analysis module, function position module, stack-overflow static analysis module and result output module. The detail information of objects, interfaces and functions of the COM component is obtained through the interface analysis module. The linear address that the userwritten function corresponded in the assembly code of the component is analyzed and obtained through function position module. COM component assembly codes are implemented and stack-overflow vulnerability is analyzed through stackoverflow static analysis module. Test results can be expressed by the form of XML through result output module. The implemented prototype system CSDS has good effect on stack buffer-overflow vulnerability of the COM component.

Key words: COM component; buffer overflow vulnerability; static analysis; hazard function

陈锦富1,张超2,卢炎生2,王环环1. 构件栈缓冲区溢出漏洞检测系统的设计与实现[J]. J4, 2011, 46(9): 43-47.

CHEN Jin-fu1,2, ZHANG Chao2, LU Yan-sheng2, WANG Huan-huan1. Design and implementation of component stack overflow vulnerability detection system[J]. J4, 2011, 46(9): 43-47.

参考文献

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed

构件栈缓冲区溢出漏洞检测系统的设计与实现

Design and implementation of component stack overflow vulnerability detection system

PDF (PC)

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

多维度评价

本文评价

推荐阅读 0