Abstract: |
Attack and defense in memory has long been one of the central research topics in systems security, and heap memory corruption exploitation and its mitigation play a very distinctive role in this long arms race because of their particular properties. Because heap memory is fine-grained, many system-level defenses are hard to apply effectively to it. At the same time, heap behavior depends on runtime input and is hard to predict, which also makes corruption harder to detect. This paper collects outstanding blog posts and papers on heap attack and defense from recent years, reviews the early glibc heap exploitation methods and the ways in which glibc and the operating system subsequently fixed them. It then introduces the modern exploitation methods against the glibc heap that have become popular in recent years and the ways they bypass system protections. Finally, drawing on all of these exploitation methods, the paper summarizes and organizes the characteristics of heap exploitation, proposes mitigations targeted at those characteristics, and predicts possible trends in the future development of the heap attack-and-defense game. |
Key words: runtime library; heap; exploitation; allocation algorithm |
DOI:10.19363/j.cnki.cn10-1380/tn.2018.01.001 |
Received: July 18, 2017; Revised: October 03, 2017 |
Funding: This work was supported by a general research project of the Tsinghua National Laboratory for Information Science and Technology (in preparation) and by the National Natural Science Foundation of China general project 61772308. |
|
Several Methods of Exploiting Glibc Heap |
PEI Zhongyu, ZHANG Chao, DUAN Haixin |
Institute for Network Science and Cyberspace, Tsinghua University, Beijing 100084, China |
Abstract: |
Attack and defense in memory has been an important research topic in systems security for several decades. Heap memory corruption exploitation and protection play a very distinctive role in this long arms race because of their particular characteristics. Since heap memory is fine-grained, many system-level defense methods are difficult to apply effectively to it. Meanwhile, heap memory, whose layout is driven by runtime user input, behaves unpredictably, which makes corruption harder to detect. In this paper, we collect the outstanding blog posts and papers on the heap memory arms race, review the earlier exploitation methods, and describe the patches glibc has adopted to defend against them. We then introduce several modern exploitation methods against the glibc heap and the ways in which they bypass system mitigations. Finally, we summarize the key characteristics of heap exploitation, propose mitigations targeted at them, and predict possible trends in the future of heap exploitation. |
Key words: glibc; heap exploitation; ptmalloc |