ANALYSIS OF EXISTING PROTECTION SYSTEMS FROM BUFFER OVERFLOW AND METHODS OF THEIR BYPASS
https://doi.org/10.26583/GNS-2019-02-02
EDN: DEXPQQ
Abstract
The issue of detecting and preventing attacks on applications has been and remains one of the urgent tasks of information security. Flaws in program code disrupt the normal operation of software: design flaws can lead to violations of data integrity, availability and confidentiality, and to interruption of running processes or even of the system as a whole. This paper discusses the mechanism of buffer overflow on the stack as well as existing modern means of detecting or preventing buffer overflows, such as ASLR, StackGuard, and a non-executable stack. These security features were chosen as the research target because they are the most common and are built into Linux. The objective of the work is to analyze the problem of buffer overflow and the incomplete effectiveness of the existing, commonly used means of preventing and detecting this type of attack, and to describe an alternative way to solve the buffer overflow problem. As part of the work, a way to circumvent each of the widespread means of protection considered is described. The result of this work is the conclusion that the existing security tools have significant drawbacks and therefore require the development of an additional remedy, the idea of which is proposed at the end of the article.
About the Author
M. A. Parinov, Russian Federation
References
1. Aleph One. Smashing The Stack For Fun And Profit [Electronic resource]. URL: http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf (accessed: 13.07.2018).
2. Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools / translated from English by I. Krasikov. Moscow: Williams, 2008. 1184 p.
3. Donald E. Porter, Emmett Witchel. Transactional system calls on Linux [Electronic resource]. URL: http://www.cs.unc.edu/~porter/pubs/ols10.pdf (accessed: 15.09.2018).
4. Michal Sojka. Kernel side of system calls [Electronic resource]. URL: http://labe.felk.cvut.cz/~stepan/33OSD/files/osd-e3-kern-syscall.pdf (accessed: 12.08.2018).
5. Styugin, M.A. A method of constructing program code with indistinguishable functionality [Electronic resource] / M.A. Styugin // Bezopasnost Informatsionnykh Tekhnologiy (IT Security). 2017. Vol. 24, No. 1. pp. 66-72. ISSN 2074-7136. URL: https://bit.mephi.ru/index.php/bit/article/view/57 (accessed: 1.11.2018). doi:http://dx.doi.org/10.26583/bit.2017.1.08.
6. Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks [Electronic resource]. URL: https://www.usenix.org/legacy/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf (accessed: 1.09.2018).
7. Perry Wagle, Crispin Cowan. StackGuard: Simple Stack Smash Protection for GCC [Electronic resource]. URL: ftp://gcc.gnu.org/pub/gcc/summit/2003/Stackguard.pdf (accessed: 30.07.2018).
8. Gerardo Richarte. Four different tricks to bypass StackShield and StackGuard protection [Electronic resource]. URL: https://www.cs.purdue.edu/homes/xyzhang/spring07/Papers/defeat-stackguard.pdf (accessed: 6.08.2018).
9. Hovav Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) [Electronic resource]. URL: https://hovav.net/ucsd/dist/geometry.pdf (accessed: 21.10.2018).
10. Erik Buchanan, Ryan Roemer, Stefan Savage, Hovav Shacham. Return-oriented Programming: Exploitation without Code Injection [Electronic resource]. URL: https://www.blackhat.com/presentations/bh-usa-8/Shacham/BH_US_08_Shacham_Return_Oriented_Programming.pdf (accessed: 22.10.2018).
11. Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage. When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC [Electronic resource]. URL: http://cseweb.ucsd.edu/~savage/papers/CCS08GoodInstructions.pdf (accessed: 22.10.2018).
12. Reed Hastings, Bob Joyce. Purify: Fast Detection of Memory Leaks and Access Errors [Electronic resource]. URL: https://web.stanford.edu/class/cs343/resources/purify.pdf (accessed: 23.10.2018).
13. Tyler Durden. Bypassing PaX ASLR protection [Electronic resource]. URL: http://phrack.org/issues/59/9.html (accessed: 9.11.2018).
14. Hector Marco, Ismael Ripoll. AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% [Electronic resource]. URL: http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html (accessed: 9.11.2018).
15. Tilo Muller. ASLR Smack & Laugh Reference [Electronic resource]. URL: https://ece.uwaterloo.ca/~vganesh/TEACHING/S2014/ECE458/aslr.pdf (accessed: 10.11.2018).
16. Ralf Hund, Carsten Willems, Thorsten Holz. Practical Timing Side Channel Attacks Against Kernel Space ASLR [Electronic resource]. URL: https://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf (accessed: 10.11.2018).
17. Dmitry Evtyushkin, Dmitry Ponomarev, Nael Abu-Ghazaleh. Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR [Electronic resource]. URL: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf (accessed: 01.12.2018).
For citations:
Parinov M.A. ANALYSIS OF EXISTING PROTECTION SYSTEMS FROM BUFFER OVERFLOW AND METHODS OF THEIR BYPASS. Global Nuclear Safety. 2019;(2):15-22. (In Russ.) https://doi.org/10.26583/GNS-2019-02-02. EDN: DEXPQQ