
Buffer Overflow Attack Detection And Prevention Systems

Posted on: 2009-04-27 | Degree: Master | Type: Thesis
Country: China | Candidate: X F Zhang | Full Text: PDF
GTID: 2208360245961289 | Subject: Software engineering
Abstract/Summary:
As the scale and complexity of real-world problems grow, software grows larger and more complex as well, and as a result buffer overflow flaws and bugs exist in a large number of programs. In this networked information era, these bugs allow buffer overflow attacks to propagate very easily, which greatly threatens system security. If effective means and methods could be adopted to guard against this specific attack, it would be of great significance to the security of software systems.

In this thesis, the main ways and means of the buffer overflow attack are analyzed. A study of some of the current tools and methods for detecting buffer overflows, such as StackGuard and StackShield, revealed some shortcomings. First, to ensure that there are no buffer overflows, detection must be performed so frequently that CPU efficiency is affected to a certain degree. Second, the source code of the program is required, so that the program can be recompiled with a specialized compiler.

To remove the deficiencies of the current methods while taking actual needs into account, a different approach has been adopted: injecting code and hooking operating system APIs to prevent the CPU from executing malicious code. This means there is no need to be concerned with whether a buffer has overflowed; preventing the CPU from executing malicious code also achieves the aim of guarding against the buffer overflow attack. This has two benefits. First, it improves CPU efficiency. Second, it can protect existing systems, because the large body of commercial code need not be recompiled at all.

In this thesis, the original technique of hooking operating system APIs has been improved to prevent the detection from being evaded by other means, which improves the security of the system. Finally, a system for defending against buffer overflow attacks has been developed that is safe, easy to use, fast, and stable.
Keywords/Search Tags: Buffer Overflow Attack, hook, operating system API