Defcon Capture the Flag: Defending vulnerable code from intense attack

Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003

Volumn 1, Issue , 2003, Pages 120-129

  Cowan, C ^a   Arnold, S ^a   Beattie, S ^a   Wright, C ^a   Viega, J ^b  

^a WireX Communications Inc   (United States)

^b Secure Software Inc   (United States)

Author keywords

Computer crime; Computer security; File servers; Internet; Large scale systems; Law; Legal factors; Research and development; Testing; Web server

Indexed keywords

COMPUTER CRIME; INTERNET; LARGE SCALE SYSTEMS; PERSONAL COMPUTING; SECURITY OF DATA; SECURITY SYSTEMS; TESTING;

FILE SERVERS; LAW; LEGAL FACTORS; RESEARCH AND DEVELOPMENT; WEB SERVERS;

COMPUTER GAMES;

EID: 20444493210     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DISCEX.2003.1194878     Document Type: Conference Paper

References (18)

1. M.Bishop and M. Digler. Checking for Race Conditions in File Accesses. Computing Systems, 9(2):131-152, Spring 1996. Also available at url http://olympus.cs.ucdavis.edu/bishop/scriv/index.html.
2. Kalou/Pascal Bouchareine. Format String Vulnerability. url http://plan9.hert.org/papers/format.html, July 18 2000.
3. Jamie Cameron. Webmin. url http://www.webmin.com/, September 2002.
4. Crispin Cowan, Matt Barringer, Steve Beattie, Greg Kroah-Hartman, Mike Frantzen, and Jamie Lokier. FormatGuard: Automatic Protection From printf Format String Vulnerabilities. In USENIX Security Symposium , Washington, DC, August 2001.
5. Crispin Cowan, Steve Beattie, Calton Pu, Perry Wagle, and Virgil Gligor. SubDomain: Parsimonious Server Security. In USENIX 14th Systems Administration Conference (LISA), New Orleans, LA, December 2000.
6. Crispin Cowan, Steve Beattie, Chris Wright, and Greg Kroah-Hartman. RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities. In USENIX Security Symposium, Washington, DC, August 2001.
7. Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan Walpole. The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques. In Proceedings of the 19th National Information Systems Security Conference (NISSC 2000), Baltimore, MD, October 2000.
8. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In 7th USENIX Security Conference, pages 63-77, San Antonio, TX, January 1998.
9. Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. In DARPA Information Survivability Conference and Expo (DISCEX), January 2000. Also presented as an invited talk at SANS 2000, March 23-26, 2000, Orlando, FL, url http://schafercorp-ballston.com/discex.
10. "Solar Designer". Non-Executable User Stack. url http://www.openwall.com/linux/.
11. Renaud Deraison et al. Nessus. url http://www.nessus.org/, August 2002.
12. Fyodor. Nmap: Network Mapper. url http://www.insecure.org/nmap/, August 2002.
13. "Ghettohackers". The Ghettohackers. url http://ghettohackers.net/.
14. Robert Lemos. Putting Fun Back Into Hacking. CNet news.com, url http://news.com.com/2100-1001-948404.html, August 5 2002.
15. Tim Newsham. Format String Attacks. Bugtraq mailing list, url http://www.securityfocus.com/archive/1/81565, September 9 2000.
16. "Aleph One". Smashing The Stack For Fun And Profit. Phrack, 7(49), November 1996.
17. Scut. Multiple Vendor Telnet Daemon Vulnerability. url http://online.securityfocus.com/archive/1/197804, July 18 2001. Bugtraq.
18. "tf8". Wu-Ftpd Remote Format String Stack Overwrite Vulnerability. url http://www.securityfocus.com/bid/1387, June 22 2000.