| IE浏览器防攻击关键技术分析 |
| |
| 引用本文: | 毛宁祥,文伟平,傅军.IE浏览器防攻击关键技术分析[J].信息网络安全,2011(7):26-29. |
| |
| 作者姓名: | 毛宁祥 文伟平 傅军 |
| |
| 作者单位: | 1. 北京大学软件与微电子学院,北京,102600
2. 厦门市信息技术服务中心,福建厦门,361012 |
| |
| 摘 要: | 软件漏洞带来的危害性日益增强.为了增加攻击者攻击的难度,Windows操作系统逐渐从操作系统层面上提供对DEP(数据执行保护)和ASLR(地址空间随机化)等安全机制的支持,其他应用软件可方便地应用这些保护机制.IE浏览器也不例外.不过由于各方面的原因,IE浏览器上的保护机制存在着各种各样的绕过方式.文章着重分析了其中的DEP和ASLR保护机制的原理及其绕过方式,并通过实例演示了堆扩散攻击和ROP编程.
|
| 关 键 词: | IE浏览器 堆扩散 DEP ASLR |
IE Browser the Attack Key Technology Research |
| |
| MAO Ning-xiang
,
WEN Wei-ping
,
FU Jun.IE Browser the Attack Key Technology Research[J].Netinfo Security,2011(7):26-29. |
| |
| Authors: | MAO Ning-xiang WEN Wei-ping FU Jun |
| |
| Affiliation: | MAO Ning-xiang1,WEN Wei-ping1,FU Jun2(1.Department of Information Security,SSM,Peking University,Beijing 102600,China2.Xiamen Information Technology Service Center,Xiamen Fujian,361012,China) |
| |
| Abstract: | The harm caused by software vulnerabilities is increasing.To increase the difficulty of the attack launched by attacker,Windows gradually supports DEP and ASLR and other security mechanisms at the system level.Other software can apply these mechanisms easily.So IE browser can also apply these mechanisms to increase its security.However,there are still many methods which can bypass these mechanisms in IE browser.This paper provides details about DEP and ASLR protection mechanisms and also gives examples whic... |
| |
| Keywords: | Internet Explorer Heap Spray DEP ASLR |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
