| The popularization of software has brought people much convenience and changed our life at same time. But there are lots of errors hided in software, which will cause vulnerabilities or security holes in system and bring huge risks. Now many institutes and companies pay more attention to finding methods to avoid software errors. Buffer overflow research is very valuable in practice and in theory in computer network and information security. The paper analyzes the buffer overflow attack and promotes a method for defending buffer overflow based on Address-Space Randomization. The method keeps focus on the fundamental principle of the remote buffer overflow and protectes systems following the principle.Firstly, the paper expounds background and studies of this field and analyses different kinds of buffer overflow attacks and methods of making shellcode. It promotes an overflow protect technology which on Address-Space Randomization under the Address-Jump principle. The Address-Space Randomization technology is to guard against the prevention of the system kernel objects by remote buffer overflow attack. It randomes the memory space of the system kernel objects and other objects in order to defend remote buffer overflow attack. We make use of the Windows kernel related technology and device driver program develop technology to design and implement the buffer overflow protect system based on the Address-Space Randomization. The paper shows the system collectivity structure, module's detail design flow and develop environment.The system is discussed by experiment, both in Metasploit real attack environment and in confused attack environment. The result shows the method could protect most of all buffer overflow attacks. At last we give out a conclusion of the paper and talk about the limits of the technology and look forward to the future work. |
PDF Full Text Request