摘要
堆栈溢出是一种在各种操作系统、应用软件中广泛存在普遍且危险的漏洞,可以利用它执行非授权指令,甚至可以取得系统特权,进而进行各种非法操作。从安全操作系统的角度分析了堆栈溢出的原理,以BLP模型为工具对堆栈溢出进行了形式化并在此基础上适当调整了该模型,从安全模型的层次上消除了堆栈溢出的隐患。最后给出了调整后的BLP模型在LSM(Linux security module)上的实现。
Buffer overflow is a kind of leak existed in many OS and software, It is used to execute harmful instruction, furthermore system privilege is stealed or do some nonlicet operation. The mechanism of buffer overflow from the point of view of security operating system is analyzed, buffer overflow with BLP model is formalized. Based on it, the BLP model is adjusted properly and the crisis of buffer overflow is removed on the level of security model. Finally, the adjusted BLP model on LSM is implemented (Linux security module).
出处
《计算机工程与设计》
CSCD
北大核心
2007年第4期808-810,共3页
Computer Engineering and Design
