Buffer overflows: attacks and defenses for the vulnerability of the decade
Cowan, C.
Wagle, F.
Calton Pu
Beattie, S.
Walpole, J.
Dept. of Comput. Sci. & Eng., Oregon Graduate Inst. of Sci. & Technol., Beaverton, OR
This paper appears in: DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Publication Date: 2000
Volume: 2
On page(s): 119-129 vol.2
Meeting Date: 01/25/2000 - 01/27/2000
Location: Hilton Head, SC, USA
ISBN: 0-7695-0490-6
References Cited: 43
INSPEC Accession Number: 6498853
Digital Object Identifier: 10.1109/DISCEX.2000.821514
Current Version Published: 2002-08-06
Abstract
Buffer overflows have been the most common form of security
vulnerability for the last ten years. Moreover, buffer overflow
vulnerabilities dominate the area of remote network penetration
vulnerabilities, where an anonymous Internet user seeks to gain partial
or total control of a host. If buffer overflow vulnerabilities could be
effectively eliminated, a very large portion of the most serious
security threats would also be eliminated. We survey the various types
of buffer overflow vulnerabilities and attacks and survey the various
defensive measures that mitigate buffer overflow vulnerabilities,
including our own StackGuard method. We then consider which combinations
of techniques can eliminate the problem of buffer overflow
vulnerabilities, while preserving the functionality and performance of
existing systems.