English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42717283      線上人數 : 1549
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/68745


    題名: 程式控制流程劫持反制措施;Program Control Hijacking Countermeasures
    作者: 陳立函;Chen,Li-Han
    貢獻者: 資訊工程學系
    關鍵詞: 緩衝區溢位;網路蠕蟲;安卓;程式流程;Buffer overflow;Scanning worm;Android;Program control flow
    日期: 2015-07-21
    上傳時間: 2015-09-23 14:22:58 (UTC+8)
    出版者: 國立中央大學
    摘要: 程式設計師撰寫程式時會把程式執行流程設計妥當,執行時就依據原先設計好的流程,但攻擊者可以使用程式的漏洞去改變原先的流程,跳脫出程式設計師原先沒有考慮到的執行流程,進而達到執行攻擊者想要的行為,在此論文中,我們把這種行為稱為「程式執行流程劫持」。程式執行流程劫持發生時,程式本身大多無法自行處理,攻擊者通常會將執行流程導向攻擊者注入的程式碼或是攻擊者希望執行的程式碼,如此一來,一般作業系統並無法得知流程劫持,因此本篇論文便是要改進作業系統在這些程式執行流程劫持的反制措施。
    因此在此篇論文中,我們將探討程式執行流程劫持在三種平台上的處理機制,包括:一般電腦平台的緩衝區溢位弱點偵測、網路平台的蠕蟲偵測與處理、與行動裝置上Android 平台的元件間通訊異常偵測與紀錄。
    緩衝區溢位攻擊的歷史久遠,許多有名的攻擊和網路蠕蟲,都是透過緩衝區溢位漏洞,因此我們雙管齊下,一方面在開發流程中加入安全測試來找出緩衝區溢位弱點,以減少可能的漏洞;另一方面則在作業系統執行sys_read() 相關系統呼叫時,檢查是否為緩衝區溢位攻擊,若為攻擊就嘗試治療發起攻擊的電腦,以減緩網路蠕蟲散佈的速度。另外智慧型手機中市占率最高的Android 作業系統,在設
    計時使用了很多元件間通訊來重複使用其他應用程式已經實做的功能,因此若應用程式沒有保護好自己的基礎元件,就很可能被惡意程式觸發執行執行流程,且被惡意使用原先設計的功能,因此我們在Android 作業系統分派元件間通訊的時候,檢查接收者列表,通知使用者可能的惡意元件間通訊攔截與相關惡意行為,並紀錄這些通訊內容,以供之後分析參考。
    ;The original control flow of a program is designed by developers, but the attackers may change the control flow via the vulnerabilities in the program. So, the control flow is redirected to the code which the attackers intend to execute, called “abnormal control hijacking” in this
    dissertation. When abnormal control flow hijacking occurs, the program itself cannot handle the abnormality. General operating systems are just able to deal with normal exceptions or errors. However, control flow hijacking attack redirects program’s control flow to the injected
    code or the intended code. Therefore, general operating systems could not detect the abnormality. In this dissertation, we try to improve the abnormal control flow hijacking countermeasures in general operating
    systems.
    In this dissertation, we discuss three kinds of countermeasures towards abnormal control flow hijacking. For software testing, ARMORY is proposed to uncover program buffer overflow defects. For network, Serum System is a scanning worm detection mechanism and countermeasure. For mobile devices, ICCDroid inspects the abnormal intercomponents communication hijacking in Android operation system.
    Many famous worms and attacks exploit buffer overflow defects to compromise the victim hosts. As a result, on one hand, we apply security testing to uncover program buffer overflow defects and to reduce the possible defects, and on the other hand, we enforce checks to the sys_read-related system calls whether a input string is a buffer overflow attack string or not. If the input string is detected as a buffer overflow attack string, we would try to cure the attacking hosts. Besides, the most popular smartphone operating system, Android, heavily uses inter-component communications (ICCs) in order to reuse the functionality
    of other applications’ components. If applications do not protect their basic components and the ICC properly, malicious applications may trigger the execution flow of the vulnerable applications or hijack the content of the communications. Therefore, we enforce additional security checks to look over the receivers list and notify users of the possible ICC hijacking and the malicious behaviors. In addition, ICCDroid records all the communications between components for further analysis.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML440檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明