SafeBird:A Dynamic and Transparent Toolkit for Run-Time Buffer Overflow Preventions

LIN Zhi-qiang; WANG Yi; MAO Bing; XIE Li

您当前的位置：

首页 >

文章列表页 >

SafeBird:A Dynamic and Transparent Toolkit for Run-Time Buffer Overflow Preventions

更新时间：2025-07-16

- SafeBird:A Dynamic and Transparent Toolkit for Run-Time Buffer Overflow Preventions
- Acta Electronica Sinica Vol. 35, Issue 5, Pages: 882-889(2007)
- 作者机构：
  
  南京大学软件新技术国家重点实验室,南京大学计算机科学与技术系,江苏,南京,210093
- 作者简介：
- 基金信息：
- DOI：
  CLC： TP309
- Published：2007
- 稿件说明：
移动端阅览
LIN Zhi-qiang, WANG Yi, MAO Bing, et al. SafeBird:A Dynamic and Transparent Toolkit for Run-Time Buffer Overflow Preventions[J]. Acta Electronica Sinica, 2007, 35(5): 882-889.
DOI：

LIN Zhi-qiang, WANG Yi, MAO Bing, et al. SafeBird:A Dynamic and Transparent Toolkit for Run-Time Buffer Overflow Preventions[J]. Acta Electronica Sinica, 2007, 35(5): 882-889. DOI：

摘要

通过多种技术的有效运用

本文提出了一种动态和透明的运行时缓冲区溢出防护工具集SafeBird

其包含SIET

LibsafeXP和SLI三个工具.SIET用于从可执行文件ELF的符号表中抽取全局变量的起始地址和大小信息.LibsafeXP作为对Libsafe扩展的动态链接库

包含C标准库中所有与缓冲区有关的函数的封装.这些封装的函数通过SIET提供的有关全局变量的信息

动态截获的有关堆变量的信息和以栈帧指针动态确定的栈变量的信息来防御缓冲区溢出攻击.SLI主要用于非干扰地完成对动态链接库函数的截获和注入LibsafeXP到被保护进程.与已有方法相比

SafeBird对被保护程序更透明:它工作在二进制级

既不需要源程序或者调试信息

也不需要终止和重起被保护软件.性能和有效性测试表明:SafeBird可以有效地应用于动态的缓冲区溢出防御

而且性能代价也平均只有10％.

Abstract

This paper presents a dynamic and transparent toolkit

SafeBird

to defend against run-time buffer overflows by combining several techniques.SafeBird consists of three tools:SIET

LibsafeXP and SLI.SIET extracts the size and starting address information of program global variables from the symbol section of ELF executable file.LibsafeXP

a dynamic shared library and an extension to Libsafe

contains wrapper functions for all the buffer related C Standard Library functions.These wrapper functions are enforced to check the source and target buffer’s size using the following information:global buffer knowledge provided by SIET

heap buffer knowledge by intercepting/tracking memory allocation family functions

and stack buffer bound information by dynamically determined from the frame pointer.The third tool SLI is used to accomplish the function interception and inject the shared library

LibsafeXP

into the running process online without interruption.Compared with existing approaches

SafeBird is more transparent to programs:it works on binary mode

and neither requires the source code or any debug information

nor needs to stop/restart the protected software.Performance and effectiveness evaluations indicate that SafeBird could be used to prevent run-time buffer overflow attacks efficiently

and imposes only about 10 percent overhead on average.

关键词

Keywords

references

Views

657

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Detecting Integer Bugs Based on Static and Dynamic Program Analysis

A Multi-Protection Domains Process Model and Its Implementation

A New Audit-Based Intrusion Detection Model and Its Implement Mechanism

On Scheme for Dynamic Determination of Subject's Current Sensitivity Label

Related Author

CHEN Ping

HAN Hao

SHEN Xiao-bing

YIN Xin-chun

XIE Jun

HUANG Hao

ZHANG Jia

LIU Hai-feng

Related Institution

College of Information Engineering, Yangzhou University

State Key Laboratory for Novel Software TechnologyDepartment of Computer Science and TechnologyNanjing University NanjingJiangsu 210093China

College of Information EngineeringYangzhou UniversityYangzhouJiangsu 225009China

State Key Laboratory for Novel Software Technology, Nanjing University

Institute of Command Automation,PLA University of Science and Technology

⁰