Unlink Attack Defense Method Based on New Chunk Structure

Yuan-Zhi Huo, Gang Wang, Fachang Yang
{"title":"Unlink Attack Defense Method Based on New Chunk Structure","authors":"Yuan-Zhi Huo, Gang Wang, Fachang Yang","doi":"10.4236/JIS.2019.103010","DOIUrl":null,"url":null,"abstract":"The Unlink attack is a way of attacking the heap overflow vulnerability \nunder the Linux platform. However, because the heap overflow data seldom \ndirectly leads to program control flow hijacking and related protection \nmechanism limitations, the existing detection technology is difficult to judge whether \nthe program meets the heap overflow attack condition. There are certain \ninspection measures in the existing unlink mechanism, but with carefully \nconstructing the contents of the heap, you can bypass the inspection measures. \nThe unlink mechanism must be triggered with the free function, and this \nprinciple is similar to function-exit of stacks. The \npaper obtains the inspiration through the canary protection mechanism in the \nstack, adds it to the chunk structure, encrypts the canary value, and defends the \nunlink attack from the fundamental structure. The experimental results show \nthat this method can effectively prevent the occurrence of unlink attacks and \nhas the ability to detect common heap overflows.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"信息安全(英文)","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.4236/JIS.2019.103010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The Unlink attack is a way of attacking the heap overflow vulnerability under the Linux platform. However, because the heap overflow data seldom directly leads to program control flow hijacking and related protection mechanism limitations, the existing detection technology is difficult to judge whether the program meets the heap overflow attack condition. There are certain inspection measures in the existing unlink mechanism, but with carefully constructing the contents of the heap, you can bypass the inspection measures. The unlink mechanism must be triggered with the free function, and this principle is similar to function-exit of stacks. The paper obtains the inspiration through the canary protection mechanism in the stack, adds it to the chunk structure, encrypts the canary value, and defends the unlink attack from the fundamental structure. The experimental results show that this method can effectively prevent the occurrence of unlink attacks and has the ability to detect common heap overflows.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于新区块结构的Unlink攻击防御方法
Unlink攻击是在Linux平台下攻击堆溢出漏洞的一种方式。然而,由于堆溢出数据很少直接导致程序控制流劫持和相关保护机制的限制,现有的检测技术很难判断程序是否满足堆溢出攻击条件。在现有的取消链接机制中有一些检查措施,但通过仔细构建堆的内容,可以绕过检查措施。取消链接机制必须由自由函数触发,这一原理类似于堆栈的函数退出。本文通过栈中的金丝雀保护机制获得启示,将其添加到块结构中,对金丝雀值进行加密,并从基本结构上防御unlink攻击。实验结果表明,该方法可以有效地防止unlink攻击的发生,并具有检测常见堆溢出的能力。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
211
期刊最新文献
Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques Research and Practice on High Availability Scheme of Unified Identity Authentication System Based on CAS in Colleges and Universities Learning with Errors Public Key Cryptosystem with Its Security User Station Security Protection Method Based on Random Domain Name Detection and Active Defense Towards a New Model for the Production of Civil Status Records Using Blockchain
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1