Cite this article:
- CHEN Xiaoquan, XUE Rui. Program Vulnerabilities: Causes, Exploitation and Mitigation, Taking C and C++ as Examples[J]. Journal of Cyber Security, 2017, 2(4): 41-56
- CHEN Xiaoquan, XUE Rui. Cause, Exploitation and Mitigation of Program Vulnerability-C and C++ language as an example[J]. Journal of Cyber Security, 2017, 2(4): 41-56
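Abstract:
Vulnerabilities in programs are the root cause of the various attacks against them; attackers can exploit these vulnerabilities to alter a program's behavior or take complete control of it. Taking C and C++ as examples, this paper explains step by step the fundamental causes of vulnerabilities in programs, analyzes and discusses in depth the attacks that exploit them, and points out the strengths and weaknesses of the main current vulnerability detection and vulnerability prevention techniques. Finally, we propose continuous and comprehensive memory layout diversity for programs as a future research direction.
Keywords: program vulnerability; exploitation; mitigation
DOI: 10.19363/j.cnki.cn10-1380/tn.2017.10.004
Received: 2016-09-30. Revised: 2017-02-08.
Funding: Supported by the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDA06010701), the National Natural Science Foundation of China (No. 61472414, No. 61772514), and the Cryptography Fund of the Institute of Information Engineering, Chinese Academy of Sciences.
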
Cause, Exploitation and Mitigation of Program Vulnerability-C and C++ language as an example
CHEN Xiaoquan1,2, XUE Rui1
(1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Vulnerabilities in programs are the source of attacks against them. They allow attackers to alter a program's behavior or take complete control of it. First, this paper explains the fundamental causes of vulnerabilities in programs. Second, it analyzes and discusses thoroughly the attacks that exploit these vulnerabilities. Third, it points out the advantages and weaknesses of current vulnerability detection and defense technology. Finally, it proposes a future research direction: Continuous and Comprehensive Memory Layout Diversity.
Key words: program vulnerability; exploitation; mitigation