Enlisting hardware architecture to thwart malicious code injection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2802, Issue , 2004, Pages 237-252

  Lee, Ruby B ^a   Karig, David K ^a   McGregor, John P ^a   Shi, Zhijie ^a  

^a Princeton University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BUFFER STORAGE; MALWARE; NETWORK SECURITY;

BUFFER OVERFLOW ATTACKS; BUFFER OVERFLOWS; COMPUTING DEVICES; CONNECTED COMPUTING; DISTRIBUTED DENIAL OF SERVICE ATTACK; HARDWARE ARCHITECTURE; SOFTWARE VULNERABILITIES; TRANSFER CONTROL;

DENIAL-OF-SERVICE ATTACK;

EID: 35048849061     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-39881-3_21     Document Type: Article

References (25)

1. A. Baratloo, N. Singh, and T. Tsai, "Transparent Run-time Defense against Stack Smashing Attacks," Proc. of the 9th USENIX Security Symposium, June 2000.
2. Bulba and Kilr, "Bypassing StackGuard and StackShield," Phrack Magazine, vol. 10, issue 56, May 2000.
3. D. Burger and T. M. Austin, "The SimpleScalar Tool Set, Version 2.0," University of Wisconsin-Madison Computer Sciences Department Technical Report, no. 1342, June 1997.
4. CERT Coordination Center, http://www.cert.org/, Nov. 2001.
5. Compaq Computer Corporation, Alpha 21164 Microprocessor (.28 μm): Hardware Reference Manual, December 1998.
6. Compaq Computer Corporation, Alpha 21264 Microprocessor Hardware Reference Manual, July 1999.
7. D. Cormie, "The ARM11 Microarchitecture," available at http://www.arm.com/support/White_Papers/, April 2002.
8. th USENIX Security Symposium, Jan. 1998.
9. th USENIX Security Symposium, August 2001.
10. L. Hornof and T. Jim, "Certifying Compilation and Run-time Code Generation," Proceedings of the ACM Conference on Partial Evaluation and Semantics-Based Program Manipulation, January 1999.
11. K. J. Houle, G. M. Weaver, N. Long, and R. Thomas, "Trends in Denial of Service Attack Technology," CERT Coordination Center, October 2001.
12. Intel Corporation, The IA-32 Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference, Intel Corporation, 2001.
13. th International Symposium on Computer Architecture, pp. 34-41, May 1991.
14. P. A. Karger and R. R. Schell, "Thirty Years Later: Lessons from the Multics Security Evaluation," Proceedings of the 2002 Annual Computer Security Applications Conference, pp. 119-126, December 2002.
15. F. Kargl, J. Maier, and M. Weber, "Protecting Web Servers from Distributed Denial of Service Attacks," Proceedings of the Tenth International Conference on World Wide Web, pp. 514-525, April 2001.
16. D. Karig and R. B. Lee, "Remote Denial of Service Attacks and Countermeasures," Princeton University Department of Electrical Engineering Technical Report CEL2001-002, October 2001.
17. klog, "The Frame Pointer Overwrite," Phrack Magazine, 9(55), Sept. 1999.
18. R. B. Lee, "Precision Architecture," IEEE Computer, 22(1), pp. 78-91, Jan. 1989.
19. J. McCarthy, "Take Two Aspirin, and Patch That System - Now," Security Watch, August 31, 2001.
20. The SANS Institute, "The SANS/FBI Twenty Most Critical Internet Security Vulnerabilities," http://www.sans.org/top20/, October 2002.
21. The Standard Performance Evaluation Corporation, http://www.spec.org/, Nov. 2001.
22. J. Viega, J. T. Bloch, T. Kohno, and G. McGraw, "ITS4: A Static Vulnerability Scanner for C and C++ Code," Proceedings of the 2000 Annual Computer Security Applications Conference, December 2000.
23. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis," Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 156-169, 2001.
24. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken, "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities," Network and Distributed System Security Symposium, Feb. 2000.
25. C. F. Webb, "Subroutine Call/Return Stack," IBM Technical Disclosure Bulletin, 30(11), April 1988.