
Information Flow-based Dynamic Taint Analysis Technique

Posted on: 2011-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhou
Full Text: PDF
GTID: 2208360308967330
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer and network technology, information networks have become an important support for social development, and the resulting problem of network security has become the most serious problem of the information age. Theoretical analysis shows that the network attacks that pose a serious threat to computer systems succeed mainly because of security vulnerabilities introduced into computer and software systems during software design, development and maintenance. Buffer overflow has long been the most common type of security vulnerability, and it is widespread across operating systems and application software. CERT claimed that more than 50% of network attacks are carried out by exploiting buffer overflow vulnerabilities. How to detect and protect against buffer overflow vulnerabilities effectively is a problem that needs to be solved urgently.
Research on detecting attacks and vulnerabilities is active worldwide, but some approaches lag behind. Static analysis methods cannot prevent attacks while the program is running and cannot detect unknown attacks, while the main problem of most dynamic analysis methods is that they need the source code of the target program, so they cannot protect commercial software. After studying buffer overflow vulnerabilities in depth, we present a new network attack detection approach: dynamic taint analysis based on information flow.
This approach detects attacks that exploit buffer overflow vulnerabilities: it dynamically monitors the execution of the client program in real time to prevent attacks from the network, does not require the client program's source code, and has a low false positive rate.
This thesis first describes the research background and significance, buffer overflow attack and prevention techniques, and other background knowledge. We then study the two main analysis methods of dynamic taint analysis: data flow analysis and control flow analysis. Data flow analysis uses instruction analysis to identify and mark external tainted data, tracks the propagation of tainted data caused by explicit information flow, detects when tainted data is used as a jump target address, a format string parameter and so on, and raises an alarm when an attack occurs. Control flow analysis uses the control flow graph and an auxiliary stack to analyze the implicit information flow of tainted data caused by the program's branch nodes, in order to reduce false negatives. We then build a prototype system based on dynamic taint analysis and present its design and some implementation details. Finally, we evaluate the prototype experimentally in terms of functionality and performance. The experiments show that dynamic taint analysis based on information flow can prevent buffer overflow attacks well, but its performance needs to be improved.
Keywords/Search Tags: dynamic taint analysis, data flow analysis, control flow analysis, buffer overflow vulnerability
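
The data flow analysis summarized in the abstract (mark external input as tainted, propagate taint along explicit flows, raise an alarm when tainted data becomes a jump target) can be sketched as follows. This is an added example, not code from the thesis or its prototype; the toy instruction set, the memory layout and the names `run`, `copy_input`, `detect` and `TaintAlert` are assumptions made for illustration.

```python
# Toy machine (constructed for this example, not the thesis prototype):
# cells 0-3 are a local buffer, cell 4 holds the saved return address.
BUF, RET_SLOT = 0, 4

class TaintAlert(Exception):
    """Raised when tainted data reaches a control-transfer sink."""

def run(program, net_input):
    """Execute program, keeping one taint bit per register and memory cell."""
    mem, mem_taint = [0] * 8, [False] * 8   # memory and its shadow
    reg, reg_taint = {}, {}                 # register file and its shadow
    mem[RET_SLOT] = 100                     # legitimate return address, clean
    inp = iter(net_input)
    for op, *args in program:
        if op == "recv":                    # taint source: network data
            dst, = args
            reg[dst], reg_taint[dst] = next(inp), True
        elif op == "movi":                  # constant load: result is clean
            dst, imm = args
            reg[dst], reg_taint[dst] = imm, False
        elif op == "add":                   # explicit flow: union of operand taint
            dst, a, b = args
            reg[dst] = reg[a] + reg[b]
            reg_taint[dst] = reg_taint[a] or reg_taint[b]
        elif op == "store":                 # mem[reg[addr]] = reg[src], taint follows
            addr, src = args
            mem[reg[addr]], mem_taint[reg[addr]] = reg[src], reg_taint[src]
        elif op == "ret":                   # sink: stored value used as jump target
            if mem_taint[RET_SLOT]:
                raise TaintAlert(f"tainted return address {mem[RET_SLOT]:#x}")
            return mem[RET_SLOT]
        else:
            raise ValueError(f"unknown opcode {op!r}")

def copy_input(n):
    """Unchecked copy of n network bytes into the buffer, then return."""
    prog = [("movi", "one", 1), ("movi", "p", BUF)]
    for _ in range(n):
        prog += [("recv", "b"), ("store", "p", "b"), ("add", "p", "p", "one")]
    return prog + [("ret",)]

def detect(n, data):
    """Return 'ok' or 'alert' for an unchecked copy of n bytes of data."""
    try:
        run(copy_input(n), data)
        return "ok"
    except TaintAlert:
        return "alert"
```

A four-byte copy stays inside the buffer and returns normally; a five-byte copy writes network data into the return slot, and the check at `ret` fires before the value is used, without any knowledge of the program's source.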