计算机应用 ›› 2012, Vol. 32 ›› Issue (12): 3449-3452.DOI: 10.3724/SP.J.1087.2012.03449

• 信息安全 • 上一篇    下一篇

嵌入式系统缓冲区溢出攻击防范技术研究

王柳滨1,魏国珩2,李政1   

  1. 1. 海军工程大学 信息安全系,武汉 430033
    2. 海军工程大学 电子工程学院,武汉 430033
  • 收稿日期:2012-06-15 修回日期:2012-08-05 发布日期:2012-12-29 出版日期:2012-12-01
  • 通讯作者: 王柳滨
  • 作者简介:王柳滨(1989-),男,浙江武义人,硕士研究生,主要研究方向:信息安全、嵌入式安全;〓魏国珩(1977-),男,湖北武穴人,副教授,博士研究生,CCF会员,主要研究方向:嵌入式系统、信息安全、密码学;〓李政(1990-),男,江苏盐城人,硕士研究生,主要研究方向:信息安全、密码学。
  • 基金资助:
    中国博士后特别基金

Research of defense scheme against buffer overflow attack in embedded system

Liu-Bin WANG,WEI Guo-heng,LI Zheng   

  1. Department of Information Security, Naval University of Engineering, Wuhan Hubei 430033, China
  • Received:2012-06-15 Revised:2012-08-05 Online:2012-12-29 Published:2012-12-01
  • Contact: Liu-Bin WANG

摘要: 针对嵌入式系统在缓冲区溢出攻击下的脆弱性问题,对开源嵌入式操作系统μC/OS-Ⅱ的内存管理机制进行分析,提出了一种基于块表的内存保护方案。该方案将属于同一任务的内存块归纳到一个域内,并建立块表进行管理,实现了任务地址间的隔离;通过对内存块的访问进行越界检查和访问控制,有效地防范了针对嵌入式系统的缓冲区溢出攻击。最后,对该方案进行了有效性分析并在Nios Ⅱ平台上进行了实验测试,结果表明所提方法可行。

关键词: 嵌入式系统, 缓冲区溢出攻击, 任务隔离, 访问控制, uC/OS-II

Abstract: Embedded system is vulnerable to buffer overflow attack. In order to solve this problem, a block based protection scheme was proposed after analyzing the memory management of μC/OS-Ⅱ. By making a combination of all the memory blocks which belong to one task and managing it through the established block_table, the introduced scheme protected the safety through creating isolation between task memories, checking and controlling the access of memory blocks. Then, an effective analysis about this scheme was given. In addition, a buffer overflow attack experiment was operated on Nios Ⅱ with the improved uC/OS-Ⅱ, and the results show that the proposed scheme is feasible.

Key words: Embedded System, Buffer overflow attack, Task Isolation, Access Control, uC/OS-II