
Research And Implementation Of Buffer Overflow Attack Detecting Tools Under Linux Platform

Posted on: 2015-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: L Liu
Full Text: PDF
GTID: 2308330482952607
Subject: Computer application technology
Abstract/Summary:
Computers cannot run without software. With the development of computer technology, software has quietly made its way into every aspect of human life. Software vulnerabilities, also known as software bugs, are introduced during the design and implementation of computer software. Different software vulnerabilities carry different risk levels. The more serious ones can let unauthorized users operate a computer and endanger its safety. Software vulnerabilities can lead to arbitrary code execution, or even allow an attacker to obtain the highest system privileges. Software vulnerabilities therefore bear on the system security and information security of every computer and every person, and even on personal safety and national security. Studying how to prevent overflow attacks that exploit software vulnerabilities is thus of great significance.

In this thesis, the basic principles and typical techniques of various kinds of software exploitation were studied, and a variety of exploitation methods were analyzed and summarized. Against attacks that execute malicious code, a detection technique based on an instruction whitelist was proposed to prevent the malicious code from executing. Against ROP attacks, which reuse the program's own instructions, an effective method for detecting and preventing them was proposed. In addition, against attacks that use the global offset table, a method that monitors the global offset table to prevent this kind of attack was proposed. Combining the above methods with monitoring of subprogram generation, an attack prevention tool was designed and implemented. The tool has the advantage of not requiring the software's source code. It can accurately prevent attacks through both known and unknown software vulnerabilities.

Finally, experiments with real exploits demonstrated the effectiveness of the methods described above. The experimental results show that the proposed method can prevent exploitation of most buffer overflow vulnerabilities and effectively protect the security of the system. Comparative experiments also show that the methods proposed in this thesis outperform other similar methods in both effectiveness and performance.
Keywords/Search Tags: buffer overflow, software vulnerabilities, attack breaking, ROP defense, instruction whitelist