
Computer Engineering ›› 2011, Vol. 37 ›› Issue (20): 24-26. doi: 10.3969/j.issn.1000-3428.2011.20.009

• Software Technology and Database •

Cisco Internetwork Operating System Memory Management and Its Vulnerability Analysis

HU Zong-li, ZHU Yue-fei, MA Ya-nan, HAN Yu-xiang

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China)
  • Received: 2010-03-28 Online: 2011-10-20 Published: 2011-10-20
  • About the authors: HU Zong-li (born 1982), male, master's student, main research interest: information security; ZHU Yue-fei, professor, Ph.D.; MA Ya-nan and HAN Yu-xiang, master's students
  • Funding:
    Supported by the National "863" Program of China (2008AA01Z420)

Abstract: This paper analyzes the memory layout, management strategy and protection mechanism of the Cisco Internetwork Operating System (IOS), the embedded operating system in Cisco routers, and carries out memory management vulnerability tests. The results show that IOS has weaknesses in its allocation and reclamation strategy and in its memory block protection mechanism. To address these security risks in the memory management strategy and memory protection mechanism, countermeasures such as adding validation and integrity protection are proposed to improve the security of the router.

Key words: Cisco router, Internetwork Operating System (IOS), memory management, doubly linked list, buffer overflow, disk fragment
