The Research on Vulnerability Mitigation in Memory

doi:10.3969/j.issn.1671-1122.2014.12.016

Abstract

Abstract: With the technology of finding vulnerabilities in software getting more mature, the total number of bugs is increasing yearly. In order to improve the security of memory protection, in terms of operating system and compiler, measures taken by OS to mitigate exploit are getting more perfect. This article describes some of the key mitigations, including GS options, SEH, Heap protection, DEP, and ASLR. The GS compiler technology and SEH security authentication mechanism can effectively detect and prevent most stack-based overflow attacks; Heap protection provides more restrictions aiming at stack overflow; DEP can perform additional memory checks to prevent malicious code executing in the system; ASLR helps to prevent buffer overflow attacks by randomizing the key address.The article also points out the drawbacks and introduces some method to defeat these mitigations from the views of attackers. Aiming at the vulnerability mitigation technology, the article points out it must be considered how to cover the shortage on resisting the attack of composite vectors and how to improve and perfect the bypassing protection in the future.

Key words: memory security, vulnerability mitigation, bypassing

CLC Number:

TP309

HE Ying-rui, SHI Ji, ZHANG Tao, WEN Wei-ping. The Research on Vulnerability Mitigation in Memory[J]. 信息网络安全, 2014, 14(12): 76-82.

References

[1] 徐有福, 文伟平, 万正苏. 基于漏洞模型检测的安全漏洞挖掘方法研究[J]. 信息网络安全, 2011,(8): 72-75.
[2] Microsoft. /GS（缓冲区安全检查）[EB/OL].
http://msdn.microsoft.com/zh-cn/library/8dbf701c.aspx,2014-11-01.
[3] Cowan C, Wagle P, Pu C, et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade[C]//DARPA Information Survivability Conference and Exposition, 2000. DISCEX&apos;00.Proceedings. IEEE, 2000, (2): 119-129.
[4] 蒋卫华, 李伟华, 杜君. 缓冲区溢出攻击：原理,防御及检测[J]. 计算机工程, 2003, (10):5-7.
[5] Whitehouse O. GS and ASLR in Windows Vista[C]//Black Hat DC, 2007.
[6] Litchfield D. Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform[EB/OL]. http://www.ngssoftware.com/papers/xpms.pdf, 2005.
[7] 魏强, 韦韬, 王嘉捷. 软件漏洞利用缓解及其对抗技术演化[J]. 清华大学学报: 自然科学版, 2011, 51(10): 1274-1280.
[8] Litchfield D. Defeating the stack based buffer overflow prevention mechanism of microsoft windows 2003 server[EB/OL]. https://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-litchfield.pdf,2003.
[9] Skape. Reducing the Effective Entropy of GS Cookies [EB/OL].http://www.leviathansecurity.com/wp-content/uploads/uninformed_v7a2.pdf, 2007-03.
[10] 余俊松, 张玉清, 宋杨, 等. Windows 下缓冲区溢出漏洞的利用[J]. 计算机工程, 2007, 33(17): 162-164. [17]刘磊, 王轶骏, 薛质. 漏洞利用技术 Heap Spray 检测方法研究[J]. 信息安全与通信保密, 2012,(6): 70-72.
[11] Younan Y, Joosen W, Piessens F. Efficient protection against heap-based buffer overflows without resorting to magic[J].Information and Communications Security, 2006,(4307):379-398.
[12] Kimball W B, Perugin S. Software Vulnerabilities by Example: A Fresh Look at the Buffer Overflow Problem-Bypassing SafeSEH[J]. Journal of Information Assurance & Security, 2012, 7(1):1.
[13] XU Y, ZHANG J, WEN W. Windows Security: The gradual improvement of SEH mechanism [J]. Netinfo Security, 2009, (5): 47-50.
[14] Sotirov A, Dowd M. Bypassing browser memory protections in Windows Vista[C]// Blackhat USA, 2008.
[15] PENG J, WU H. Research of the Key Technology for the Windows Vista Memory Protection Mechanism [J]. Computer Engineering & Science, 2007, (12): 11.
[16] 彭建山, 吴灏. Windows Vista内存保护关键技术研究[J]. 计算机工程与科学, 2007, (12):33-36.
[17] 刘磊, 王轶骏, 薛质. 漏洞利用技术 Heap Spray 检测方法研究[J]. 信息安全与通信保密, 2012 (6): 70-72.
[18] Shah S. Browser exploits-attacks and defense[EB/OL].https://eusecwest.com/esw08/esw08-shah.pdf,2008.
[19] Hanebutte N, Oman P W. Software vulnerability mitigation as a proper subset of software maintenance[J]. Journal of Software Maintenance and Evolution: Research and Practice, 2005, 17(6): 379-400.
[20] Sotirov A. Bypassing Memory Protections: The Future of Exploitation[C]//USENIX Security,2009.