Off-campus UMass Amherst users: To download campus access theses, please use the following link to log into our proxy server with your UMass Amherst user name and password.

Non-UMass Amherst users: Please talk to your librarian about requesting this thesis through interlibrary loan.

Theses that have an embargo placed on them will not be available to anyone until the embargo expires.

Document Type

Campus Access

Degree Program

Electrical & Computer Engineering

Degree Type

Master of Science in Electrical and Computer Engineering (M.S.E.C.E.)

Year Degree Awarded

2013

Month Degree Awarded

February

Keywords

Stack Protection, Buffer Overflow, Packet Processing Systems

Abstract

As the functionality that current computer network can provide is becoming complicated, a traditional router with application-specific integrated circuit (ASIC) implementation can't satisfy the flexibility requirements. Instead, a programmable packet forward system based on a general-purpose processor could provide the flexibility. While this system provides flexibility, a new potential security issue arises. Usually, software is involved as the packet forward system is programmable. The software's potential vulnerability, especially as to the remote exploits, becomes an issue of network security. In this thesis work, we proposed a software stack overflow vulnerability on click modular router and show how a disastrous denial-of-service attack on click modular router could be triggered by a single packet. In our research work, click modular router runs on Linux operating system based on general-purpose hardware. We actually showed that even a software router run within a modern operating system's protection is vulnerable by elaborate attack. And we checked the possible stack protection mechanisms on modern OS based on general-purpose hardware and proposed a possible stack protection mechanism for embedded OS.

First Advisor

Tilman Wolf

Share

COinS