STACK SMASHING ATTACK DEFENDING METHOD, STACK SMASHING ATTACK DEFENDING DEVICE AND STACK SMASHING ATTACK DEFENDING PROGRAM

摘要

PPROBLEM TO BE SOLVED: To detect a stack smashing attack even in an environment where a dynamic linker is not provided with any function to hook the calling of a standard copy function. PSOLUTION: The entry point of a copy function to be called by an attack target process is acquired, and an instruction to be overwritten when the entry point is rewritten with an instruction to jump to a hook function is copied so that when those instructions are called by the hook function, a processing part which performs processing to perform those instructions, and to transfer control to the copy function can be generated, and then the entry point is rewritten with the instruction to jump to the hook function. Then, whether or not data for attack are written in the copy origin buffer is judged by acquiring and comparing the sizes of buffers at the copy origin and copy destination to be designated when the copy function is called by the attack target process according to the hook function called by the jump instruction. PCOPYRIGHT: (C)2005,JPO&NCIPI