基于内存的漏洞缓解关键技术研究

doi:10.3969/j.issn.1671-1122.2014.12.016

信息网络安全 ›› 2014, Vol. 14 ›› Issue (12): 76-82.doi: 10.3969/j.issn.1671-1122.2014.12.016

基于内存的漏洞缓解关键技术研究

贺滢睿¹, 史记¹, 张涛², 文伟平²

1.中国公安大学网络安全保卫学院,北京 100037;
2.北京大学软件与微电子学院,北京 102600

收稿日期:2014-11-15 出版日期:2014-12-15
通讯作者: 贺滢睿 heyingrui415@163.com
作者简介:贺滢睿（1991-）,女,新疆,硕士研究生,主要研究方向：信息对抗、网络安全与防范;史记（1990-）,男,北京,硕士研究生,主要研究方向：漏洞挖掘与利用、软件安全漏洞分析;张涛（1987-）,男,江西,硕士,主要研究方向：系统与网络安全、软件安全漏洞分析;文伟平（1976-）,男,湖南,副教授,博士,主要研究方向：网络攻击与防范、恶意代码研究、信息系统逆向工程和可信计算技术等。
基金资助:
国家自然科学基金[61170282]

The Research on Vulnerability Mitigation in Memory

HE Ying-rui¹, SHI Ji¹, ZHANG Tao², WEN Wei-ping²

1. School of Network Security, People's Public Security of China,Beijing 100037,China;
2. School of Software & Microelectronics, Peking University, Beijing 102600,China

Received:2014-11-15 Online:2014-12-15

摘要/Abstract

摘要： 随着漏洞挖掘技术日渐成熟,每年新增漏洞数量逐步增加。从操作系统以及编译器层面来说,为了提高内存保护的安全性,对抗漏洞利用的缓解措施也在不断完善。文章介绍了近年来比较成熟的基于内存的漏洞关键缓解技术,包括GS编译选项技术、SEH安全校验机制、堆数据保护机制、DEP技术以及ASLR技术。GS编译选项技术和SEH安全校验机制能够有效遏制针对栈数据的攻击;堆数据保护机制为堆溢出增加了更多限制;DEP技术能够对内存执行额外检查以防止恶意代码在系统中执行;ASLR技术通过对关键地址的随机化使一些堆栈溢出手段失效。文章还指出了这些防护措施所存在的不足,并据此从攻击者的角度介绍了针对这几种缓解措施的攻击思路。针对漏洞缓解技术,文章指出未来必须考虑的是如何弥补在抵御复合向量攻击方面的不足,如何完善旁路保护。

关键词: 内存安全, 漏洞缓解, 绕过

Abstract: With the technology of finding vulnerabilities in software getting more mature, the total number of bugs is increasing yearly. In order to improve the security of memory protection, in terms of operating system and compiler, measures taken by OS to mitigate exploit are getting more perfect. This article describes some of the key mitigations, including GS options, SEH, Heap protection, DEP, and ASLR. The GS compiler technology and SEH security authentication mechanism can effectively detect and prevent most stack-based overflow attacks; Heap protection provides more restrictions aiming at stack overflow; DEP can perform additional memory checks to prevent malicious code executing in the system; ASLR helps to prevent buffer overflow attacks by randomizing the key address.The article also points out the drawbacks and introduces some method to defeat these mitigations from the views of attackers. Aiming at the vulnerability mitigation technology, the article points out it must be considered how to cover the shortage on resisting the attack of composite vectors and how to improve and perfect the bypassing protection in the future.

Key words: memory security, vulnerability mitigation, bypassing

中图分类号:

TP309

贺滢睿, 史记, 张涛, 文伟平. 基于内存的漏洞缓解关键技术研究[J]. 信息网络安全, 2014, 14(12): 76-82.

HE Ying-rui, SHI Ji, ZHANG Tao, WEN Wei-ping. The Research on Vulnerability Mitigation in Memory[J]. 信息网络安全, 2014, 14(12): 76-82.

参考文献

[1] 徐有福, 文伟平, 万正苏. 基于漏洞模型检测的安全漏洞挖掘方法研究[J]. 信息网络安全, 2011,(8): 72-75.
[2] Microsoft. /GS（缓冲区安全检查）[EB/OL].
http://msdn.microsoft.com/zh-cn/library/8dbf701c.aspx,2014-11-01.
[3] Cowan C, Wagle P, Pu C, et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade[C]//DARPA Information Survivability Conference and Exposition, 2000. DISCEX&apos;00.Proceedings. IEEE, 2000, (2): 119-129.
[4] 蒋卫华, 李伟华, 杜君. 缓冲区溢出攻击：原理,防御及检测[J]. 计算机工程, 2003, (10):5-7.
[5] Whitehouse O. GS and ASLR in Windows Vista[C]//Black Hat DC, 2007.
[6] Litchfield D. Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform[EB/OL]. http://www.ngssoftware.com/papers/xpms.pdf, 2005.
[7] 魏强, 韦韬, 王嘉捷. 软件漏洞利用缓解及其对抗技术演化[J]. 清华大学学报: 自然科学版, 2011, 51(10): 1274-1280.
[8] Litchfield D. Defeating the stack based buffer overflow prevention mechanism of microsoft windows 2003 server[EB/OL]. https://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-litchfield.pdf,2003.
[9] Skape. Reducing the Effective Entropy of GS Cookies [EB/OL].http://www.leviathansecurity.com/wp-content/uploads/uninformed_v7a2.pdf, 2007-03.
[10] 余俊松, 张玉清, 宋杨, 等. Windows 下缓冲区溢出漏洞的利用[J]. 计算机工程, 2007, 33(17): 162-164. [17]刘磊, 王轶骏, 薛质. 漏洞利用技术 Heap Spray 检测方法研究[J]. 信息安全与通信保密, 2012,(6): 70-72.
[11] Younan Y, Joosen W, Piessens F. Efficient protection against heap-based buffer overflows without resorting to magic[J].Information and Communications Security, 2006,(4307):379-398.
[12] Kimball W B, Perugin S. Software Vulnerabilities by Example: A Fresh Look at the Buffer Overflow Problem-Bypassing SafeSEH[J]. Journal of Information Assurance & Security, 2012, 7(1):1.
[13] XU Y, ZHANG J, WEN W. Windows Security: The gradual improvement of SEH mechanism [J]. Netinfo Security, 2009, (5): 47-50.
[14] Sotirov A, Dowd M. Bypassing browser memory protections in Windows Vista[C]// Blackhat USA, 2008.
[15] PENG J, WU H. Research of the Key Technology for the Windows Vista Memory Protection Mechanism [J]. Computer Engineering & Science, 2007, (12): 11.
[16] 彭建山, 吴灏. Windows Vista内存保护关键技术研究[J]. 计算机工程与科学, 2007, (12):33-36.
[17] 刘磊, 王轶骏, 薛质. 漏洞利用技术 Heap Spray 检测方法研究[J]. 信息安全与通信保密, 2012 (6): 70-72.
[18] Shah S. Browser exploits-attacks and defense[EB/OL].https://eusecwest.com/esw08/esw08-shah.pdf,2008.
[19] Hanebutte N, Oman P W. Software vulnerability mitigation as a proper subset of software maintenance[J]. Journal of Software Maintenance and Evolution: Research and Practice, 2005, 17(6): 379-400.
[20] Sotirov A. Bypassing Memory Protections: The Future of Exploitation[C]//USENIX Security,2009.

基于内存的漏洞缓解关键技术研究

The Research on Vulnerability Mitigation in Memory

RichHTML

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价