
Graduate student: 曾子軒 (Tzu-Hsuan Tseng)
Thesis title: VAP: An AutoPatch Mechanism for Buffer Overflow Vulnerabilities in Source Code
Advisor: 許富皓 (Fu-Hau Hsu)
Committee members:
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science & Information Engineering
Year of publication: 2019
Academic year of graduation: 107 (ROC calendar, i.e. the 2018-2019 academic year)
Language: Chinese
Pages: 44
Chinese keywords: buffer overflow auto-patching
Foreign keywords: Buffer Overflow, AutoPatch
Abstract:

Buffer overflow attacks remain one of the most common ways to attack software. A moment of carelessness by the programmer is enough to leave a buffer overflow vulnerability in the code, and although each such vulnerability is easy to fix once it is found, the problem keeps recurring. Because an overflow lets an attacker control important data structures, the damage it causes is severe, so it remains one of the thorny problems that has to be solved.

Many earlier defenses can detect a buffer overflow as it happens and terminate the process immediately. This thesis takes a different approach: it statically analyzes the program's intermediate representation, checks the input functions that commonly cause buffer overflows, and patches those call sites so that the overflow is prevented at runtime and the program continues to execute normally and correctly. The system is implemented as an LLVM Pass, so users can choose to run it on its own or integrate it as a stage of their compile-and-link pipeline.

Table of contents:

    Abstract (Chinese)
    Abstract
    Acknowledgements
    Contents
    List of Figures
    List of Tables
    Chapter 1  Introduction
    Chapter 2  Background
        2.1 Buffer Overflow
        2.2 Common Input Functions
            2.2.1 gets
            2.2.2 fgets
            2.2.3 read
            2.2.4 scanf
        2.3 LLVM
        2.4 LLVM IR
        2.5 LLVM Pass
    Chapter 3  System Architecture and Implementation
        3.1 System Functions
        3.2 System Implementation
        3.3 System Architecture
        3.4 System Data Path
        3.5 System Components
            3.5.1 Parameter Handler
            3.5.2 Overflow Detector Invocation Injector
            3.5.3 Checker
            3.5.4 Patcher
            3.5.5 Dynamic Size Patcher Injector
    Chapter 4  Experimental Evaluation
        4.1 Experimental Environment
        4.2 Test Subjects
        4.3 Experimental Procedure and Results
        4.4 Performance Evaluation
    Chapter 5  Related Work
        5.1 Detection and Patching
            5.1.1 AddressSanitizer
            5.1.2 Mudflap
        5.2 Vulnerability Patching
            5.2.1 AutoPaG
            5.2.2 Rule-Based Approach
    Chapter 6  Discussion
        6.1 Future Work
        6.2 Binary Rewriting Without Source Code
            6.2.1 Mcsema
            6.2.2 RetDec
    Chapter 7  Conclusion
    References
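The abstract and Section 2.2 of the outline describe checking and patching the libc input functions gets, fgets, read and scanf. The C program below is an added example written for this page, not code from the thesis or from VAP itself; it shows the two decisions such a pass has to make at every call site: does the call's worst-case write exceed the statically known size of the destination, and what bound should be substituted (a clamped count argument for fgets and read, a field width for scanf's "%s"). The function names, the 16-byte buffer, the "scanf_%s" callee label and the attacker input are assumptions of the example; how VAP performs these steps on LLVM IR is not described on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the destination buffer used throughout the example (assumed). */
enum { NAME_LEN = 16 };

/* Outcome of the static check at one input-call site: how many bytes the
 * call can write into a destination whose size is known at compile time. */
struct call_check {
    size_t dst_size;   /* bytes the destination array holds              */
    size_t max_write;  /* worst-case bytes written, SIZE_MAX = unbounded */
    int    overflow;   /* nonzero when max_write > dst_size              */
};

/* Checker for the four libc input functions listed in the thesis outline.
 * gets() and scanf("%s") have no bound at all; fgets() and read() are
 * bounded only by their count argument, which the programmer may have set
 * larger than the buffer. Unknown callees are reported as writing nothing,
 * i.e. not handled here. The "scanf_%s" label is this example's own tag. */
struct call_check check_call(const char *callee, size_t dst_size, size_t count_arg)
{
    struct call_check r = { dst_size, 0, 0 };
    if (strcmp(callee, "gets") == 0 || strcmp(callee, "scanf_%s") == 0)
        r.max_write = SIZE_MAX;
    else if (strcmp(callee, "fgets") == 0 || strcmp(callee, "read") == 0)
        r.max_write = count_arg;
    r.overflow = r.max_write > dst_size;
    return r;
}

/* Patcher for fgets()/read(): clamp the count argument to the destination
 * size. fgets() already reserves one byte of its size argument for the
 * terminating NUL, and read() stores no terminator, so dst_size itself is
 * the correct upper bound for both. */
size_t patched_count(size_t dst_size, size_t count_arg)
{
    return count_arg < dst_size ? count_arg : dst_size;
}

/* Patcher for scanf("%s"): the maximum field width that leaves room for the
 * NUL that %s always appends. Returns 0 when the buffer cannot hold even
 * one character plus the terminator. */
size_t scanf_width_for(size_t dst_size)
{
    return dst_size < 2 ? 0 : dst_size - 1;
}

/* Build the bounded conversion, e.g. "%15s" for a 16-byte buffer.
 * Returns the format length, or 0 if it does not fit in fmt. */
int patched_s_format(char *fmt, size_t fmt_size, size_t dst_size)
{
    size_t width = scanf_width_for(dst_size);
    if (width == 0)
        return 0;
    int n = snprintf(fmt, fmt_size, "%%%zus", width);
    return (n > 0 && (size_t)n < fmt_size) ? n : 0;
}

/* Before/after for the scanf case on an over-long input. sscanf() stands in
 * for scanf() so the example needs no stdin. The unpatched call would have
 * been sscanf(input, "%s", name), which writes every non-space byte of the
 * input into the 16-byte array. Returns the number of bytes stored, or
 * (size_t)-1 on failure. */
size_t demo_patched_scanf(const char *input)
{
    char name[NAME_LEN];
    char fmt[16];
    if (!patched_s_format(fmt, sizeof fmt, sizeof name))
        return (size_t)-1;
    if (sscanf(input, fmt, name) != 1)
        return (size_t)-1;
    return strlen(name);
}

int main(void)
{
    /* Constructed attacker input: 40 bytes, far longer than NAME_LEN. */
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    struct call_check c = check_call("read", NAME_LEN, 256);

    printf("read(fd, name, 256) into char[%zu]: %s, patched count %zu\n",
           c.dst_size, c.overflow ? "OVERFLOW" : "ok",
           patched_count(c.dst_size, 256));
    printf("scanf(\"%%s\") into char[%d] patched to \"%%%zus\": stored %zu bytes\n",
           NAME_LEN, scanf_width_for(NAME_LEN), demo_patched_scanf(input));
    return 0;
}
```

Build with `cc -Wall example.c` and run it. The same two questions are what a reviewer asks by hand of every input call in C source: is the count argument derived from the destination's `sizeof`, and does every `%s` conversion carry a width? The check above answers only for destinations whose size is a compile-time constant; a buffer sized at runtime needs the size carried along to the call site, which is what the outline's "Dynamic Size Patcher Injector" suggests the thesis handles separately.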

