Detection and prevention of stack buffer overflow attacks

Communications of the ACM

Volumn 48, Issue 11, 2005, Pages 51-56

  Kuperman, Benjamin A ^a   Brodley, Carla E ^b   Ozdoganoglu, Hilmi ^c   Vljaykumar, T N ^c   Jalote, Ankit ^c  

^a SWARTHMORE COLLEGE   (United States)

^b Tufts University   (United States)

^c PURDUE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SYSTEMS PROGRAMMING; DATA FLOW ANALYSIS; DATA REDUCTION; PROGRAM DOCUMENTATION;

BUFFER OVERFLOW ATTACKS; OVERFLOW ATTACKS; PROGRAM EXECUTION; STATIC ANALYSIS;

COMPUTER CRIME;

EID: 33745220279     PISSN: 00010782     EISSN: 00010782     Source Type: Journal    
DOI: 10.1145/1096000.1096004     Document Type: Review

References (12)

1. Aleph One. Smashing the stack for fun and Profit. Phrack Magazine 7, 49 (Fall 1997); www.phrack.com/.
2. Baratloo, A., Singh, N., and Tsai, T. Transparent fun-time defense against stack smashing attacks. In Proceedings of the 2000 USENIX Technical Conference (San Diego, CA, June 2000).
3. Chiueh, T. and Hsu, F.-H. RAD: A compile-time solution to buffer overflow attacks. In Proceedings of the 21st International Conference on Distributed Computing Systems (Mesa, AZ, Apr. 2001).
4. Cowan, C., Pu, C., Maier, D., Hinton, H., Bakke, P., Beattie, S., Grier, A., Wagle, P., and Zhang, Q. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the Seventh USENIX Security Conference (San Antonio, TX, Jan. 1998).
5. Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., and Wang, Y. Cyclone: A safe dialect of C. In Proceedings of the 2002 USENIX Annual Technical Conference (Monterey, CA, June 2002), 275-288; www.research.att.com/ projects/cyclone/.
6. Kiriansky, V., Bruening, D., and Amarasinghe, S. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium (Aug. 2002).
7. Larochelle, D. and Evans, D. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 2001 USENIX Security Symposium (Aug. 2001).
8. Necula, G. Proof-carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages (Jan. 1997), 106-119.
9. Newsham, T. Format String Attacks. White paper, Guardent, Inc., Sept. 2000; www.lava.net/~newsham/format-string-attacks.pdf.
10. Ozdoganoglu, H., Bradley, C., Vijaykumar, T., Jalote, A., and Kuperman, B. SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address. Tech. Rep. TR-ECE 03-13, Purdue University School of Electrical and Computer Engineering, Nov. 2003; www.smashguard.org/.
11. Prasad, M. and Chiueh, T. A binary rewriting defense against stack-based buffer overflow attacks. In Proceedings of the 2003 USENIX Annual Technical Conference (San Antonio, TX, June 2003).
12. Xu, J., Kalbarczyk, Z., Patel, S., and Iyer, R. Architecture support for defending against buffer overflow attacks. In Proceedings of the 2002 Workshop on Evaluating and Architecting System dependability (EASY-2002) (University of Illinois at Urbana-Champaign, Oct. 2002).