Title page for 945902006



Student Number 945902006
Author Hou-Xiang Kuo
Author's Email Address 945902006@cc.ncu.edu.tw
Department Computer Science and Information Engineering
Year 2007
Semester 1
Degree Master
Type of Document Master's Thesis
Language English
Title Detection of Buffer Overflow Attacks with QEMU Emulator
Date of Defense 2007-09-10
Page Count 37
Keyword
  • Buffer overflow
  • QEMU
  • SmashGuard attack
Abstract Buffer overflow has always been a dominant issue in system security. Many computer viruses and worms exploit this vulnerability to damage computer systems. Although much research has been proposed to defend against such attacks, solutions that are actually used as a standard are rare. The main reason is that few solutions are compatible with user binary code.
    This paper uses the QEMU emulator to emulate hardware behavior and selects the SmashGuard mechanism to test its feasibility. The result showed that the mechanism produces some problems, and the reason was analyzed.
    Hence, this paper proposes a two-layer checking mechanism. In addition to checking the consistency of the return address, the validity of the return address is also checked. The result demonstrates that this mechanism can differentiate and detect typical stack-smashing attacks.
    Table of Contents
    Abstract
    Contents
    List of Figures
    List of Tables
    1. Introduction
    1.1 Buffer Overflow Attack
    1.2 Motivation
    1.3 Contents of Each Chapter
    2. Related Work
    3. Emulation Tool
    4. Method
    5. Implementation
    5.1 Layer-1: Consistency of Return Address
    5.2 Layer-2: The legitimacy of a return address
    6. Experiment Result and Evaluation
    6.1 Layer-1 Mechanism
    6.2 Layer-2 Mechanism
    7. Conclusions and future work
    Reference
    Appendix
    Advisor
  • Li-Ming Tseng
  • Files
  • 945902006.pdf
  • approve immediately
    Date of Submission 2007-09-21
