Preventing Attacks on the Easiest Applications with Vulnerabilities by Verification of Their Committed System Calls

The issue of detecting and preventing attacks on applications has been and remains one of the urgent tasks of information security. Flaws in the program code lead to disruption of the normal operation of the software. Data integrity, availability and confidentiality of the data, interruption of the execution of running processes or even the system as a whole may occur due to design flaws. The aim of this work is to prevent attacks on the application by overflowing the buffer using the developed complex to prevent attacks. To achieve this goal, the shortcomings of modern systems for preventing attacks on applications are briefly reviewed, the structure of the developed software package, the operation algorithms of each module of the software package, the mechanism for buffer overflows are examined, and the developed software package is tested on a simple buffer overflow.

StackGuard, ASRL, buffer overflow, system calls, code injection, data execution prevention, ASLR, StackGuard, information security

1. Wonsun Ahn, Yuelu Duan and Josep Torrellas «DeAliaser: Alias Speculation using Atomic Region Support» : публикации проекта LLVM. - 2013. - Р. 167-168. - URL : <http://dl.acm.org/citation.cfm?id=2451136> (дата обращения: 07.10.2018).

2. Gerardo Richarte «Four different tricks to bypass StackShield and StackGuard protection». - URL : https://www.cs.purdue.edu/homes/xyzhang/spring07/Papers/defeat-stackguard.pdf (дата обращения: 06.08.2018).

3. Erik Buchanan, Ryan Roemer, Stefan Savage, Hovav Shacham «Return-oriented Programming: Exploitation without Code Injection». - URL : https://www.blackhat.com/presentations/bh-usa-08/Shacham/BH_US_08_Shacham_Return_Oriented_Programming.pdf (дата обращения: 22.10.2018).

4. Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage «When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC». - URL : http://cseweb.ucsd.edu/~savage/papers/CCS08GoodInstructions.pdf (дата обращения: 22.10.2018).

5. Hovav Shacham «The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)». - URL : https://hovav.net/ucsd/dist/geometry.pdf (дата обращения: 21.10.2018).

6. Tyler Durden «Bypassing PaX ASLR protection». - URL : http://phrack.org/issues/59/9.html (дата обращения: 09.11.2018).

7. Hector Marco, Ismael Ripoll «AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%». - URL : http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html (дата обращения: 09.11.2018).

8. Tilo Muller «ASLR Smack & Laugh Reference». - URL : https://ece.uwaterloo.ca /~vganesh/TEACHING/S2014/ECE458/aslr.pdf (дата обращения: 10.11.2018).

9. Ralf Hund, Carsten Willems, Thorsten Holz «Practical Timing Side Channel Attacks Against Kernel Space ASLR». - URL : https://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf (дата обращения: 10.11.2018).

10. Паринов, М. А. Анализ существующих средств защиты от переполнения буфера на стеке и способы их обхода / М. А. Паринов // Глобальная ядерная безопасность. - 2019. - № 2(31). - С. 15-22.

11. Фомичeв В. М. Методы дискретной математики в криптологии / В. М. Фомичев. - Москва : ДИАЛОГ-МИФИ, 2010. - 424 с.

12. Wenliang Du. «Computer Security: A Hands-on Approach». - URL : http://www.cis.syr.edu/~wedu/seed/Book/book_sample_buffer.pdf (дата обращения: 14.11.2019).

13. Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole «Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade». - URL : https://www.researchgate.net/publication/232657947_Buffer_Overflows_Attacks_and_Defenses_for_the_Vulnerability_of_the_Decade (дата обращения: 10.02.2020).

14. James C. Foster Vitaly Osipov Nish Bhalla Niels Heinen «Buffer Overflow Attacks DETECT, EXPLOIT, PREVENT». - URL : http://index-of.es/Varios/Securite/BoF_Attacks.pdf (дата обращения: 10.02.2020).