摘要: 通过研究Cisco路由器中嵌入式操作系统IOS的内存布局、管理策略、保护机制,并进行内存管理脆弱性测试,证明IOS在分配回收策略及内存块保护机制上存在脆弱性,针对其在内存管理策略与存储保护机制方面的安全风险,提出诸如增加校验及完整性保护等防范措施,以确保路由器的安全。
关键词:
Cisco路由器,
IOS系统,
内存管理,
双向链表,
缓冲区溢出,
磁盘碎片
Abstract: This paper analyzes memory layout, management strategy and protection mechanism of Cisco Internetwork Operating System(IOS), and does some memory management vulnerability tests. Based on the results, it analyzes the vulnerability on memory management strategy and memory protection mechanism, which proves that there are some security risks on IOS memory management. Several effective approaches are proposed to improve the security of Cisco router, such as adding validation and integrity protection.
Key words:
Cisco router,
Internetwork Operating System(IOS),
memory management,
double-linked list,
buffer overflow,
disk fragment
中图分类号:
胡宗立, 祝跃飞, 马亚南, 韩玉祥. Cisco IOS内存管理及其脆弱性分析[J]. 计算机工程, 2011, 37(20): 24-26.
HU Zong-Li, CHU Ti-Fei, MA E-Na, HAN Yu-Xiang. Cisco Internetwork Operating System Memory Management and Its Vulnerability Analysis[J]. Computer Engineering, 2011, 37(20): 24-26.