The Research And Implementation Of Defense Of Buffer Overflow Virtual Machine

Buffer overflow occurs in a program when the program stores more information in an array than the space reserved for it. A buffer overflow may happen accidentally during the execution of a program. When this happens, most often the clobbering of information in areas adjacent to the buffer will cause the program to crash or produce obviously incorrect results. In a buffer overflow attack, the objective of the attacker is to use the vulnerability to corrupt information in a carefully designed way in order to execute attack code previously planted by the attacker. If this succeeds, the attacker effectively hijacked the control of the program, which allows the attacker to execute arbitrary commands on the system. Current defense strengthen change program or load dynamic / static security library, weaken defense the legacy code, the replacement or modification of library. Unable enter the execute logic of instruction running to defense, causing a security problem. So, the research of buffer overflow defense is important for computer security of network and information. Therefore, this paper point out protect integrality of address information and status information is important to defend, create running-time system environment for user program and Instruction enter processor to execute as a starting point, put forward own defend solution which control dynamic instruction execution and some system call to prevent buffer overflow.Then give a defense programme based on Process Virtual Machine to defense buffer overflow dynamic.This paper mainly includes research work as follows:1,Analysis current research status of defense against buffer overflow. Classification the current defense technology, pointed out the inadequacy of defense technology and the inadequacy of Virtual Machine prevent buffer overflow currently.Cuurent research of defense technology can be divided into dynamic defense technology and static defense technology. Static defense technology that based on the different phases of complier needs source code surpport,and uses static library as a code modify technology to change program. Dynamic defense technology is a program context inspect and modify technology which correct the operating environment of application software, including Addresses Protection, Non-Executable Stack/Heap, Bound Checking and Sandboxing Policy.Current defense strengthen change program or load dynamic / static security library, weaken defense the legacy code, the replacement or modification of library. Unable enter the execute logic of instruction running to defense, causing a security problem. Pointed out Virtual Machines can't see the process of buffer overflow, can't control execute-flow of program, and can't record the data when buffer overflow occur. 2,Analyzed the problem of buffer overflow, buffer overflow attack, methods of defend buffer overflow, pointed out protect the integrality of address information and status information is important to defend. Analysis the key issues that create running-time system environment based on Process Virtual Machine to defend buffer overflow what needs.Buffer overflow is mainly due to the C Programming language does not automatically bounds-check array and pointer references. At same time, Stack/Heap Executable, data can be execution as instructions; certain procedures have root provisional authority, and same special system call to deploy. All that induced buffer overflows attacks. And from user space and system space perspective analysis hidden dangers caused by buffer overflow attack. Therefore, this paper as create running-time system environment for user program and Instruction enter processor to execute as a starting point, give a defense programme based on Process Virtual Machine to defense buffer overflow dynamic, and analysis the key issues that create running-time system environment needs.3,Analyzed the key technologies of prevent buffer overflow that included program loading, memory layout, instruction execution.First analysis the key issues that create running-time system environment needs,which respectively corresponding to the different key technologies. Second, choose from one of four different program load scheme as most suitable, then on the basis of which leads to memory layout, instruction execution, syscall and other key technical analysis. Finally, the paper gives an algorithm of identification and interpretation of instructions,and givens a virtual machine common structure and two different solutions to the interpretation of system call.4,As example Intel X86 CPU based on the Windows operating system as test, put forward a DBOVM (Defense of Buffer Overflow Virtual Machine) system to defend buffer overflow . Use software engineering and design and realization of the system.5,Providing certification objectives, the certification and testing of the environment. Validate DBOVM achieved system design goals. Give theory proved to correct prevent buffer overflow with DBOVM. From the theory proved and testing results point of view, the concerns in research papers to be effective, the design is feasible, the achievement of the system is correct.Finally, the paper gives the summary of this research, and points out which research work is next step to carry out.