ARCHERR: Runtime environment driven program safety

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3193, Issue , 2004, Pages 385-406

  Chinchani, Ramkumar ^a   Iyer, Anusha ^a   Jayaraman, Bharat ^a   Upadhyaya, Shambhu ^a  

^a UNIVERSITY AT BUFFALO   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTEGER PROGRAMMING;

BUFFER OVERFLOWS; DATATYPES; HEAP OVERFLOW; INTEGER OVERFLOW; MACHINE ARCHITECTURES; MACHINE OPERATING; MEMORY LAYOUT; OVERFLOW ATTACKS; RUNTIME ENVIRONMENTS; RUNTIMES;

C (PROGRAMMING LANGUAGE);

EID: 35048883071     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30108-0_24     Document Type: Article

References (29)

1. Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. In: Network and Distributed System Security Symposium, San Diego, CA (2000) 3-17
2. Landi, W.: Undecidability of Static Analysis. ACM Letters on Programming Languages and Systems 1 (1992) 323-337
3. Ramalingam, G.: The Undecidability of Aliasing. ACM Transactions on Programming Languages and Systems 16 (1994) 1467-1471
4. Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-safe Retrofitting of Legacy Code. In: Symposium on Principles of Programming Languages. (2002) 128-139
5. Jones, R.W.M., Kelly, P.H.J.: Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs. In: Automated and Algorithmic Debugging. (1997) 13-26
6. One, A.: Smashing the Stack for Fun and Profit. Phrack 49, Vol. 7, Issue 49 (1996)
7. Bianco, D.J.: An Integer Overflow Attack Against SSH Version 1 Attack Detectors. In: SANS Cyber Defense Initiatives. (2001)
8. Cohen, C.F.: CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability (2002)
9. Jones, R., Kelly, P.: (Bounds Checking for C) http://www-ala.doc.ic.ac.uk/∼phjk/BoundsChecking.html.
10. TIS Committee: Tool Interface Standard (TIS), Executable and Linking Format (ELF) Specification, Version 1.2 (1995)
11. Standard for Binary Floating Point Arithmetic. ANSI/IEEE Standard 754-1985 (1985)
12. Boldyshev, K.: Startup State of a Linux/i386 ELF Binary. An article hosted on http://linuxassembly.org (2000) http://linuxassembly.org/articles/startup.html.
13. Bugtraq ID 7230: Sendmail Address Prescan Memory Corruption Vulnerability (2003) http://www.securityfocus.com/bid/7230.
14. Bugtaq ID 9297: GNU Indent Local Heap Overflow Vulnerability (2003) http://www.securityfocus.com/bid/9297/info/.
15. Bugtraq ID 7812: Man Catalog File Format String Vulnerability (2003) http://www.securityfocus.com/bid/7812.
16. Bugtraq ID 8589: Pine rfc2231_get_param() Remote Integer Overflow Vulnerability (2003) http://www.securityfocus.com/bid/8589.
17. Posting on Bugtraq Mailing List: (2003) http://archives.neohapsis.com/archives/bugtraq/2003-09/0181.html.
18. Scimark 2.0: (2003) http://math.nist.gov/scimark2/5ndex.html.
19. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilties. In: Proceedings of the 12th USENIX Security Symposium, Washington, D.C. (2003)
20. (Rational PurifyPlus) http://www-306.ibm.com/software/awdtools/purifyplus/.
21. (NuMega BoundsChecker) http://www.numega.com/products/aed/vc_more.shtml.
22. Cowan, C., Pu, C., Maier, D., Hinton, H., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In: 7th USENIX Security Symposium, San Antonio, TX (1998)
23. Vendicator: (StackShield: A "Stack Smashing" Technique Protection Tool for Linux) http://www.angelfire.com/sk/stackshield/.
24. Etoh, H.: (GCC Extension for Protecting Applications from Stack-smashing Attacks) http://www.trl.ibm.co.jp/projects/security/ssp6.
25. Bulba, Kil3r: Bypassing StackGuard and StackShield. (Phrack Magazine, Volume 0xa Issue 0x38)
26. Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A Safe Dialect of C. In: USENIX Annual Technical Conference, Monterey, CA (2002)
27. Bhatkar, S., DuVarney, D.C., Sekar, R.: Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In: Proceedings of the 12th USENIX Security Symposium, Washington, D.C. (2003)
28. PAX Project: (2003) "http://pax.grsecurity.net/docs/aslr.txt".
29. Bartaloo, A., Singh, N., Tsai, T.: Transparent Run-Time Defense Againsts Stack Smashing Attacks. In: 2000 USENIX Annual Technical Conference, San Diego, CA (2000)