Canary-Based Protection: Canary Defense

Software Security

"A"x68 . "\xEF\xBE\xAD\xDE"

    #include <string.h>

    int main(int argc, char **argv) {
        char buf[64];
        strcpy(buf, argv[1]);
    }

Dump of assembler code for function main:

    0x080483e4 <+0>:  push %ebp
    0x080483e5 <+1>:  mov  %esp,%ebp
    0x080483e7 <+3>:  sub  $72,%esp
    0x080483ea <+6>:  mov  12(%ebp),%eax
    0x080483ed <+9>:  mov  4(%eax),%eax
    0x080483f0 <+12>: mov  %eax,4(%esp)
    0x080483f4 <+16>: lea  -64(%ebp),%eax
    0x080483f7 <+19>: mov  %eax,(%esp)
    0x080483fa <+22>: call 0x8048300 <strcpy@plt>
    0x080483ff <+27>: leave
    0x08048400 <+28>: ret

[Figure: stack layout of main, from high to low addresses. argv: corrupted; argc: corrupted; return address: overwritten with 0xDEADBEEF; saved %ebp: overwritten with AAAA; buf; the strcpy arguments argv[1] and buf at %esp.]

Dept. of Computer Science, Nanjing University