{"title":"Unlink Attack Defense Method Based on New Chunk Structure","authors":"Yuan-Zhi Huo, Gang Wang, Fachang Yang","doi":"10.4236/JIS.2019.103010","DOIUrl":null,"url":null,"abstract":"The Unlink attack is a way of attacking the heap overflow vulnerability \nunder the Linux platform. However, because the heap overflow data seldom \ndirectly leads to program control flow hijacking and related protection \nmechanism limitations, the existing detection technology is difficult to judge whether \nthe program meets the heap overflow attack condition. There are certain \ninspection measures in the existing unlink mechanism, but with carefully \nconstructing the contents of the heap, you can bypass the inspection measures. \nThe unlink mechanism must be triggered with the free function, and this \nprinciple is similar to function-exit of stacks. The \npaper obtains the inspiration through the canary protection mechanism in the \nstack, adds it to the chunk structure, encrypts the canary value, and defends the \nunlink attack from the fundamental structure. The experimental results show \nthat this method can effectively prevent the occurrence of unlink attacks and \nhas the ability to detect common heap overflows.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"信息安全(英文)","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.4236/JIS.2019.103010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
The unlink attack is a way of exploiting heap overflow vulnerabilities
on the Linux platform. However, because heap overflow data seldom
leads directly to program control-flow hijacking, and because of the limitations
of related protection mechanisms, it is difficult for existing detection technology to judge whether
a program meets the conditions for a heap overflow attack. The existing unlink
mechanism includes certain checks, but they can be bypassed by carefully
constructing the contents of the heap.
The unlink mechanism must be triggered by the free function, a
principle similar to function exit on the stack. Taking
inspiration from the canary protection mechanism used on the
stack, the paper adds a canary to the chunk structure and encrypts the canary value, defending against the
unlink attack at the level of the underlying structure. The experimental results show
that this method can effectively prevent unlink attacks and
can detect common heap overflows.