Huazhong University of Science and Technology Master's Thesis

Abstract

In order to solve the problem of software reuse, shorten the software development period, reduce maintenance cost and realise automatic software updating, component software design has been put forward and has become an inevitable developmental trend. Microsoft's Component Object Model (COM) is a relatively mature software component model, which is widely used in the Windows operating system and application programs. Along with the prevalence of COM, more and more security problems are exposed, of which buffer overflow constitutes a high proportion.

Buffer overflow has been one of the commonest forms of security holes. It mainly exists in non-type-safe languages, such as C and C++. However, new generation languages, such as Java and C#, do not have this problem. One of the most important reasons is that C allows indirect memory access by pointer without boundary checks and provides many unsafe functions which may cause buffer overflow. Meanwhile, there are such functions in the Windows operating system. Therefore, if effective means can be adopted to detect buffer overflow, the security of component software will be greatly enhanced.

Buffer overflow detection based on binary code is thoroughly studied in this thesis because in most cases the source code of a COM component is unknown. A detection algorithm is proposed by modeling the buffer overflow problem and transforming it into a comparison of integer ranges. First, establish an unsafe function library of COM and use it to distinguish unsafe function calls in assembly code. Second, according to the types of arguments passed to unsafe functions, different buffers are distinguished. Third, obtain ranges of integers based on the size of declared buffers and allocated ones. Last, use the buffer overflow detection criterion made by this thesis to detect buffer overflow.

COM uses a virtual table to locate functions. According to this structural characteristic, this thesis realises accurate positioning of user functions and extracts their dependence relations by means of the IDC script language. Based on the work mentioned above, a prototype system that can detect stack buffer overflow of COM is realised.

Keywords: buffer overflow, static analysis, binary code, COM component, unsafe function
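The four detection steps in the abstract can be sketched as follows. This is an added example, not the thesis's prototype or its IDC scripts. The unsafe-function set, the range criterion in `classify`, the rule that a local at `[ebp-N]` holds at most N bytes, and the sample listing are all assumptions made for illustration.

```python
import re

UNSAFE = {"strcpy", "lstrcpyA"}   # assumed library of (dst, src) copy functions

def classify(alloc, length):
    """Compare the (lo, hi) bytes-written range with the buffer-size range."""
    if length[1] <= alloc[0]:
        return "safe"
    return "overflow" if length[0] > alloc[1] else "possible overflow"

def scan(listing, strings):
    """Return (function, verdict) for each unsafe call in an x86 listing."""
    regs, pushes, findings = {}, [], []
    for line in listing.splitlines():
        ins = line.split(";")[0].strip()
        if m := re.fullmatch(r"lea\s+(\w+),\s*\[ebp-([0-9A-Fa-f]+)h\]", ins):
            n = int(m[2], 16)   # assumption: N bytes fit below saved EBP
            regs[m[1]] = ("alloc", (n, n))
        elif m := re.fullmatch(r"mov\s+(\w+),\s*\[ebp\+[0-9A-Fa-f]+h\]", ins):
            regs[m[1]] = ("len", (1, float("inf")))   # caller string, unknown
        elif m := re.fullmatch(r"push\s+(?:offset\s+)?(\w+)", ins):
            n = len(strings.get(m[1], "")) + 1   # constant length incl. NUL
            pushes.append(("len", (n, n)) if m[1] in strings else regs.get(m[1]))
        elif m := re.fullmatch(r"call\s+(\w+)", ins):
            args, pushes = pushes[::-1], []   # arguments pushed right to left
            regs.pop("eax", None)             # return value clobbers eax
            if m[1] in UNSAFE and len(args) >= 2 and all(args[:2]):
                (dk, dst), (sk, src) = args[:2]
                if dk == "alloc" and sk == "len":
                    findings.append((m[1], classify(dst, src)))
    return findings

# Constructed listing and string table, not taken from the thesis.
STRINGS = {"aShort": "hello", "aLong": "A" * 32}
SAMPLE = """
    lea   ebx, [ebp-10h]     ; 16-byte local buffer
    push  offset aShort
    push  ebx
    call  strcpy
    push  offset aLong
    push  ebx
    call  strcpy
    mov   edx, [ebp+8h]      ; string argument from the caller
    lea   eax, [ebp-40h]
    push  edx
    push  eax
    call  lstrcpyA
"""
```

`scan(SAMPLE, STRINGS)` reports one verdict per unsafe call, in listing order.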