A taxonomy of buffer overflow characteristics

IEEE Transactions on Dependable and Secure Computing

Volumn 9, Issue 3, 2012, Pages 305-317

  Bishop, Matt ^a   Engle, Sophie ^b   Howard, Damien ^c   Whalen, Sean ^d  

^a University of California Davis   (United States)

^b UNIVERSITY OF SAN FRANCISCO   (United States)

^c Knobbe Martens Olson and Bear LLP   (United States)

^d Department of Earth and Environmental Sciences   (United States)

Author keywords

arrays; Protection mechanisms; security and privacy; software program verification

Indexed keywords

TAXONOMIES; VERIFICATION;

ALTERNATE APPROACHES; ARRAYS; INCORRECT ACTION; PROTECTION MECHANISMS; SECURITY AND PRIVACY; SOFTWARE AND HARDWARES; SOFTWARE/PROGRAM VERIFICATION; STATE INFORMATION;

BUFFER STORAGE;

EID: 84858636380     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2012.10     Document Type: Article

References (49)

1. M.W. Eichin and J.A. Rochlis, "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988," Proc. IEEE Symp. Security and Privacy, pp. 326-343, 1989.
2. D. Seeley, "A Tour of the Worm," Proc. Winter USENIX Conf., pp. 287-304, 1989.
3. E.H. Spafford, "Crisis and Aftermath," Comm. ACM, vol. 32, no. 6, pp. 678-687, 1989.
4. CERT, "W32/Blaster Worm," CERT Advisory CA-2003-20, http://www.cert.org/advisories/CA-2003-20.html, Aug. 2003.
5. CERT, "MS-SQL Server Worm," CERT Advisory CA-2003-04, http://www.cert.org/advisories/CA-2003-04.html, Jan. 2003.
6. CERT, "Apache/mod-ssl Worm," CERT Advisory CA-2002-27, http://www.cert.org/advisories/CA-2002-27.html, Oct. 2002.
7. CERT, "'Code Red' Worm Exploiting Buffer Overflow in IIS Indexing Service DLL," CERT Advisory CA-2001-19, http://www.cert.org/advisories/CA- 2001-19.html, July 2001.
8. CERT, "Continuing Threat of the 'Code Red' Worm," CERT Advisory CA-2001-23, http://www.cert.org/advisories/CA-2001-23.html, July 2001.
9. S. Christey, "Common Vulnerabilities and Exposures," http://cve.mitre.org, Apr. 2011.
10. R. Abbott, J. Chin, J. Donnelley, W. Konigsford, S. Tokubo, and D. Webb, Security Analysis and Enhancements of Computer Operating Systems, ICET, Nat'l Bureau of Standards NBSIR 76-1041, Apr. 1976.
11. T. Aslam, "A Taxonomy of Security Faults in the Unix Operating System," master's thesis, Dept. of Computer Sciences, Purdue Univ., Aug. 1995.
12. R. Bisbey II and D. Hollingsworth, "Protection Analysis: Final Report," Technical Report ISI/SR-78-13, Information Sciences Inst., Univ. of Southern California, May 1978.
13. C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi, "A Taxonomy of Computer Program Security Flaws," ACM Computing Surveys, vol. 26, no. 3, pp. 211-254, 1994.
14. M. Bishop, "Vulnerability Analysis," Proc. Second Int'l Symp. Recent Advances in Intrusion Detection, pp. 125-136, 1999.
15. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole, "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade," Proc. Foundations of Intrusion Tolerant Systems, pp. 227-237, 2003.
16. AlephOne, "Smashing the Stack for Fun and Profit," Phrack, vol. 7, no. 49, 1996.
17. M. Conover, "w00w00 on Heap Overflows," http://www. cgsecurity.org/exploit/heaptut.txt, 1999.
18. Skypher, "Internet Explorer IFRAME src&name Parameter BoF Remote Compromise," http://skypher.com/wiki/index.php? title=Www.edup.tudelft.nl/ bjwever/advisory-iframe.html.php, 2004.
19. D. Blazakis, "Interpreter Exploitation: Pointer Interference and JIT Spraying," technical report, Semantiscope, http://www. semantiscope.com/research/BHDC2010/BHDC-2010-Paper.pdf, 2010.
20. A. Sotirov, "Heap Feng Shui in Javascript," Proc. Black Hat Europe, http://www.blackhat.com/presentations/bh-europe-07/FSotirov/ Presentation/bh-eu-07-sotirov-apr19.pdf, 2007.
21. S. Esser, "Samba 3.x QFILEPATHINFO Unicode Filename Buffer Overflow," e-matters GmbH, Security Advisory 13/2004, Nov. 2004.
22. T. Newsham, "Format String Attacks," technical report, Guardent, Inc., Sept. 2000.
23. AMD64 Architecture Programmer's Manual Volume 2: System Programming, Advanced Micro Devices, June 2010.
24. Intel164 and IA-32 Architectures Software Developer's Manual, Volume 3A: System Programming Guide, Part 1, Intel Corp., May 2007.
25. S. Engle, "A Policy-Based Vulnerability Analysis Framework," PhD dissertation, Dept. of Computer Science, Univ. of California, Davis, June 2010.
26. K.J. Biba, "Integrity Considerations for Secure Computer Systems," Technical Report MTR-3153, The MITRE Corporation, June 1975.
27. D. Wagner, J.S. Foster, E. Brewer, and A. Aiken, "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. Symp. Network and Distributed Systems Security, pp. 3-17, 2000.
28. E. Haugh and M. Bishop, "Testing C Programs for Buffer Overflow Vulnerabilities," Proc. Network and Distributed System Security Symp., pp. 123-130, 2003.
29. K.-S. Lhee and S.J. Chapin, "Buffer Overflow and Format String Overflow Vulnerabilities," Software: Practice and Experience, vol. 33, no. 5, pp. 423-460, 2003.
30. O. Ruwase and M.S. Lam, "A Practical Dynamic Buffer Overflow Detector," Proc. Symp. Network and Distributed System Security, pp. 159-169, 2004.
31. Z. Shao, Q. Zhuge, Y. He, and E. Sha, "Defending Embedded Systems against Buffer Overflow via Hardware/Software," Proc. 19th Ann. Computer Security Applications Conf., pp. 351-361, 2003.
32. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "Stackguard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proc. Seven USENIX Security Symp., 1998.
33. C. Cowan, S. Beattie, J. Johansen, and P. Wagle, "PointguardTM: Protecting Pointers from Buffer Overflow Vulnerabilities," Proc. 12th Conf. USENIX Security Symp., pp. 91-104, 2003.
34. J. Xu, Z. Kalbarczyk, S. Patel, and R.K. Iyer, "Architecture Support for Defending against Buffer Overflow Attacks," Proc. Workshop Evaluating and Architecting System Dependability, 2002.
35. T.-C. Chiueh and F.-H. Hsu, "RAD: A Compile-Time Solution to Buffer Overflow Attacks," Proc. 21st Int'l Conf. Distributed Computing Systems, pp. 409-417, 2001. (Pubitemid 32478299)
36. F. Gadaleta, Y. Younan, B. Jacobs, W. Joosen, E.D. Neve, and N. Beosier, "Instruction-Level Countermeasures against Stack-Based Buffer Overflow Attacks," Proc. First EuroSys Workshop Virtualization Technology for Dependable Systems, pp. 7-12, 2009.
37. S. Bhatkar, R. Sekar, and D.C. DuVarney, "Efficient Techniques for Comprehensive Protection from Memory Error Exploits," Proc. 14th USENIX Security Conf., pp. 255-270, 2005.
38. S. Chen, J. Xu, Z. Kalbarczyk, and R.K. Iyer, "Security Vulnerabilities: From Analysis to Detection and Masking Techniques," Proc. IEEE, vol. 94, no. 2, pp. 407-418, Feb. 2006. (Pubitemid 43145993)
39. S. Forrest, A. Somayaji, and D.H. Ackley, "Building Diverse Computer Systems," Proc. Sixth Workshop Hot Topics in Operating Systems, pp. 67-72, 1997.
40. J. Xu, Z. Kalbarczyk, and R.K. Iyer, "Transparent Runtime Randomization for Security," Proc. 22nd Int'l Symp. Reliable Distributed Systems, pp. 260-269, 2003. (Pubitemid 41550528)
41. G.S. Kc, A.D. Keromytis, and V. Prevelakis, "Countering Code-Injection Attacks with Instruction-Set Randomiztion," Proc. 10th ACM Conf. Computer and Comm. Security, pp. 272-280, 2003. (Pubitemid 40673809)
42. P. Ratanaworabhan, B. Livshits, and B. Zorn, "NOZZLE: A Defense against Heap-Spraying Code Injection Attacks," Proc. 18th USENIX Security Symp., pp. 169-186, 2009.
43. M. Egele, P. Wurzinger, C. Kruegel, and E. Kirda, "Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks," Proc. Sixth Int'l Conf. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 88-106, 2009.
44. F. Gadaleta, Y. Younan, and W. Joosen, "BuBBle: A Javascript Engine Level Countermeasure against Heap-spraying Attacks," Proc. Second Int'l Symp. Eng. Secure Software and Systems, pp. 1-17, 2010.
45. D. Litchfield, "Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server," White Paper, NGS Secure http://www.nccgroup.com/Libraries/Document-Downloads/Defeating-the-Stack-Based- Buffer-Overflow-Prevention-Mechanism-of-Microsoft-Windows-2003-Server.sflb.ashx, Sept. 2003.
46. M. Miller, "Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP," http://www.blogs. technet.com/b/srd/archive/2009/02/02/preventing-theexploitation-of-seh- overwrites-with-sehop.aspx, 2009.
47. S. Designer, "Linux Kernel Patch from the Openwall Project," http://www.openwall.com/linux/README.shtml.
48. C.H.S. Dik, "RE: Binary Security Attacks," news:comp.security. unix, 2011.
49. S.J. Templeton and K. Levitt, "A Requires/Provides Model for Computer Attacks," Proc. New Security Paradigms Workshop, pp. 31-38, 2000.