| With the polularation of computer and Internet, people pay more and more attention to information security. Particularly, the number of buffer overflow attacks is growing year by year.The article introduces the theory and attack technology of buffer overflow, summarizes the prevention technology, especially detection technology, analyses their advantages and disadvantages.Among the existing buffer overflow detection technology, most of static analysis depends on source code, most of dynamic analysis act after attacks and expense. And, most of the existing static analysis doesn't care the executing flow, so that the rate of false positive is increased. Therefore, in this paper, we propose an improved buffer overflow detection model on executable codes. The model judges buffer overflow existing or not according to whether strict buffer boundary checking is done before operating buffer in the target program, and, besides using traditional methods, it identifies buffer operation by analysing string operation instructions and copying in circle. The model disassembles executable codes to assembly codes firstly, then, parses the assembly codes, analyses function call relationship and control flow, and finds buffer variables and their beginning address and end address, lastly, from each buffer reference, sums up path constraints against the control flow, and judges buffer overflow by solving the constrains.A prototype is implemented according to the model, and its effectiveness is proved by experiment. |
PDF Full Text Request