Embedded system is vulnerable to buffer overflow attack. In order to solve this problem, a block based protection scheme was proposed after analyzing the memory management of μC/OS- II . By making a combination of all the memory blocks which belong to one task and managing it through the established block_table, the introduced scheme protected the safety through creating isolation between task memories, checking and controlling the access of memory blocks. Then, an effective analysis about this scheme was given. In addition, a buffer overflow attack experiment was operated on Nios II with the improved uC/OS- II, and the results show that the proposed scheme is feasible.%针对嵌入式系统在缓冲区溢出攻击下的脆弱性问题,对开源嵌入式操作系统μC/OS-Ⅱ的内存管理机制进行分析,提出了一种基于块表的内存保护方案.该方案将属于同一任务的内存块归纳到一个域内,并建立块表进行管理,实现了任务地址间的隔离;通过对内存块的访问进行越界检查和访问控制,有效地防范了针对嵌入式系统的缓冲区溢出攻击.最后,对该方案进行了有效性分析并在NiosⅡ平台上进行了实验测试,结果表明所提方法可行.
展开▼
