Reserch On The Address Space Layout Randomization Technology Based On Windows Platform

With more and more Internet applications being utilized in people's daily life,the computer software system is playing an increasingly important role.However,due to the bad programming habits of some developers,Internet applications are also filled with a variety of computer software vulnerabilities and buffer overflow vulnerability is one of the most common form of vulnerability.According to statistics,more than 50%of the system attacks use the buffer overflow vulnerability.Therefore,it is very important to study the technology of buffer overflow vulnerability in computer network and information security.The relevant enterprises and scientific research institutions in the world have showed great interest in the research on the technology of defensing buffer overflow vulnerability.During The buffer overflow attack,the attacker can hijack the EIP in order to achieve the intent of controlling the procedure.The most important step in the buffer overflow is to find and change the address where instruction realizing program jumping was stored.According to this principle,Microsoft uses address space layout randomization(Address Space Layout Randomization ASLR)technology to protect the system security.ASLR technology allows the the system core components and important objects required during the running of program to be distributed randomly rather than put in a fixed position.An attacker can not predict the location of these components and instructions.Therefore the attacker can not use the vulnerability,which improve the security of the system.This paper analyzes the defensing technology to buffer overflow attack on Windows platform,and based on the basic principle of buffer overflow vulnerability,the research of ASLR technology on Windows platform is carried out,the main research work is as follows:(1)The background of the defensing technology of buffer overflow and the research status were studied.The development trend of ASLR technology on Windows platform are briefly introduced.(2)The principle of buffer overflow attack is studied,and the principle and construction method of Shellcode are introduced briefly.According to the principle of buffer overflow vulnerability,this paper studies the protection technology of Windows against buffer overflow attacks,and expounds the limitations of the defensing technology.(3)This paper proposes a new prevention technology that can defence buffer overflow attack based on ASLR,and analyzed the ASLR technology syntheticly based on the Windows technology for the heap,stack,PE file,PEB/TEB random effects of these four aspects.Analysis shows that this defense technology can make the memory address of each module of the system to random distribution,so as to be able to defend the Ret2libc this kind of attack using a fixed load address vulnerabilities.(4)Carrying out the experiment to test the ASLR technology protective effect,including the reliability and the validity of the technology,and make analysis and evaluation about this technology.The experimental results show that the ASLR technology on the Windows platform can achieve address randomization with little extra expenses,resist the buffer overflow attacks effectively,and ensure the security of the system.