检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:刘通平
出 处:《计算机科学》2007年第9期282-286,F0004,共6页Computer Science
摘 要:缓冲区溢出是计算机界的一个古老话题,计算机界和学术界为检测和预防缓冲区溢出投入了很多的精力。但根据CERT(www.cert.org)的数据显示,最近几年中,缓冲区溢出大约占程序错误的50%。另外,根据CERT Ad- visory数据显示。目前仍然有50%左右的安全威胁系来自缓冲区溢出。因此可以说,缓冲区溢出的问题并没有得到根本的解决,而栈溢出是一种最基本的缓冲区溢出。和堆溢出相比,栈溢出更难于监控和危害性更大,因此研究栈溢出具有实际意义。本文对各种栈溢出的检测技术进行了分类和总结,希望能够对栈设计溢出的检测工具提供一些思路。同时,本文介绍了实现栈溢出的动态检测技术中涉及到的各种插装技术,并对各种各样的插装技术进行了总结。Buffer overflow has been studied carefully and sophisticatedly in these years. Computer community has spent a lot of efforts in this field. But according to the datum in www. cert. org, buffer overflow error is still about 50% of all program error in recent years. And according to CERT Advisory, 50% security threat comes from the bug relating with buffer overflow too. From this point, we can see that buffer overflow has not been resolved completely. The research on buffer overflow still has actual meaning. Stack overflow is a basic form of buffer overflow and it is more difficult to be detected and protected comparing to heap overflow. In this article, different dynamic techniques about the detection of stack overflow have been described. It is useful for the design of software analyzing tools. In the same time, the instrumentations used by different technique are described and concluded too.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.49
