Preventing brute force attacks against stack canary protection on networking servers

Proceedings - IEEE 12th International Symposium on Network Computing and Applications, NCA 2013

Volumn , Issue , 2013, Pages 243-250

  Marco Gisbert, Hector ^a   Ripoll, Ismael ^a  

^a INSTITUTO TECNOLÓGICO DE INFORMÁTICA   (Spain)

Author keywords

Buffer overflow prevention; Netwoking server security

Indexed keywords

BRUTE-FORCE ATTACK; BUFFER OVERFLOWS; GNU/LINUX; NETWOKING SERVER SECURITY; PRELOADING; PROTECTION METHODS; SHARED LIBRARIES; WEB SERVERS;

BUFFER STORAGE; WEB SERVICES;

DIGITAL LIBRARIES;

EID: 84889035842     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NCA.2013.12     Document Type: Conference Paper

References (12)

1. Y. Younan, D. Pozza, F. Piessens, and W. Joosen, "Extended protection against stack smashing attacks without performance loss," in In Proceedings of ACSAC, 2006
2. A. One, "Smashing the stack for fun and profit," Phrack, vol. 7, no. 49, 1996
3. Bulba and Kiler, "Bypassing stackguard and stackshield," Phrack, 56, 2002
4. G. Richarte, "Four different tricks to bypass stackshield and stackguard protection," World Wide Web, vol. 1, 2002
5. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh, "On the effectiveness of address-space randomization," in Proceedings of the 11th ACM conference on Computer and communications security, ser. CCS '04. New York, NY, USA: ACM, 2004, pp. 298-307. [Online]. Available: http://doi.acm.org/10.1145/1030083.1030124
6. M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning, "On the expressiveness of return-into-libc attacks," in Proceedings of the 14th international conference on Recent Advances in Intrusion Detection, ser. RAID'11. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 121-141. [Online]. Available: http://dx.doi.org/10. 1007/978-3-642-23644-0 7
7. B. Erb, "Concurrent programming for scalable web architectures," Diploma Thesis, Institute of Distributed Systems, Ulm University, April 2012. [Online]. Available: http://www.benjamin-erb.de/thesis
8. C. Cowan, C. Pu, D. Maier, H. Hintongif, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang, "Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks," in Proc. of the 7th USENIX Security Symposium, Jan 1998, pp. 63-78
9. 'xorl'. (2010) Linux GLibC Stack Canary Values. [Online]. Available: http://xorl.wordpress.com/2010/10/14/linux-glibc-stack-canary-values/
10. H. Etoh, "GCC extension for protecting applications from stacksmashing attacks (ProPolice)," 2003. [Online]. Available: http: //www.trl.ibm.com/projects/security/ssp/
11. A. 'pi3' Zabrocki, "Scraps of notes on remote stack overflow exploitation," November 2010. [Online]. Available: http://www.phrack. org/issues.html?issue=67&id=13#article
12. Y.-J. Park and G. Lee, "Repairing return address stack for buffer overflow protection," in Proceedings of the 1st conference on Computing frontiers, ser. CF '04. New York, NY, USA: ACM, 2004, pp. 335-342. [Online]. Available: http://doi.acm.org/10.1145/977091.977139