Unlink Attack Defense Method Based on New Chunk Structure  

作　　者：Yuanzhi Huo Gang Wang Fachang Yang 

机构地区：[1]Department of Information Engineering, Inner Mongolia University of Technology, Hohhot, China [2]School of Software and Microelectronics, Peking University, Beijing, China

出　　处：《Journal of Information Security》2019年第3期177-187,共11页信息安全（英文）

摘　　要：The Unlink attack is a way of attacking the heap overflow vulnerability under the Linux platform. However, because the heap overflow data seldom directly leads to program control flow hijacking and related protection mechanism limitations, the existing detection technology is difficult to judge whether the program meets the heap overflow attack condition. There are certain inspection measures in the existing unlink mechanism, but with carefully constructing the contents of the heap, you can bypass the inspection measures. The unlink mechanism must be triggered with the free function, and this principle is similar to function-exit of stacks. The paper obtains the inspiration through the canary protection mechanism in the stack, adds it to the chunk structure, encrypts the canary value, and defends the unlink attack from the fundamental structure. The experimental results show that this method can effectively prevent the occurrence of unlink attacks and has the ability to detect common heap overflows.The Unlink attack is a way of attacking the heap overflow vulnerability under the Linux platform. However, because the heap overflow data seldom directly leads to program control flow hijacking and related protection mechanism limitations, the existing detection technology is difficult to judge whether the program meets the heap overflow attack condition. There are certain inspection measures in the existing unlink mechanism, but with carefully constructing the contents of the heap, you can bypass the inspection measures. The unlink mechanism must be triggered with the free function, and this principle is similar to function-exit of stacks. The paper obtains the inspiration through the canary protection mechanism in the stack, adds it to the chunk structure, encrypts the canary value, and defends the unlink attack from the fundamental structure. The experimental results show that this method can effectively prevent the occurrence of unlink attacks and has the ability to detect common heap overflows.

关 键 词：HEAP OVERFLOW CANARY OVERFLOW 

分 类 号：R73[医药卫生—肿瘤]