By Topic

OverCovert: Using Stack-Overflow Software Vulnerability to Create a Covert Channel

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Fatayer, T.S. ; Dept. of Comput. Sci., Alaqsa Univ., Palestinian Authority ; Khattab, S. ; Omara, F.A.

Abstract-Attackers exploit software vulnerabilities, such as stack overflow, heap overflow, and format string errors, to break into victim machines and implant backdoors to maintain access. They typically use obfuscation techniques, such as encryption and covert channels, to hide their command-and-control traffic and avoid detection. In this paper, we show how a vulnerable program can be used to create a covert channel that allows an entity (e.g., an attacker) to stealthily send information to another remote entity (e.g., a backdoor). The proposed covert channel, for which we coin the term OverCovert, is based on the common return-to-libc stack-overflow attack and the address space layout randomization defense. We implemented a proof-of-concept of OverCovert under Linux and evaluated its throughput sending files of different formats. We also propose and analyze techniques to improve channel undetectability and throughput.

Published in:

New Technologies, Mobility and Security (NTMS), 2011 4th IFIP International Conference on

Date of Conference:

7-10 Feb. 2011