Detection and Prevention of Stack Buffer Overflow
Benjamin Kuperman2005
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
ATTACKS How to mitigate remote attacks that exploit buffer overflow vulnerabilities on the stack and enable attackers to take control of the program. The July 2005 announcement by computer security researcher Michael Lynn at the Black Hat security conference of a software flaw in Cisco Systems routers grabbed media attention worldwide. The flaw was an instance of a buffer overflow , a security vulnerability that has been discussed for 40 years yet remains one of the most frequently reported types of remote attack against computer systems. In 2004, the national cyber-security vulnerability database (nvd.nist.gov) reported 323 buffer overflow vulnerabilities, an average of more than 27 new instances per month. For the first six months of 2005, it reported 331 buffer overflow vulnerabilities. Meanwhile, security researchers have sought to develop techniques to prevent or detect the exploitation of these vulnerabilities. Here, we discuss what buffer overflow attacks are and survey the v...
Related papers
Prevention and Detection of Stack Buffer Overflow Attacks
2005
The recent announcement by Michael Lynn at Black Hat 2005 of a software flaw in Cisco routers has grabbed the attention of many technology news sources. The flaw is an instance of a buffer overflow, a type of security vulnerability that has been discussed since the 1960s, yet remains one of the most frequently reported type of remote attack against computer
DETECTION AND PREVENTION OF STACK BUFFER OVERFLOW ATTACKS
2005
The July 2005 announcement by computer security researcher Michael Lynn at the Black Hat security conference of a software flaw in Cisco Systems routers grabbed media attention worldwide. The flaw was an instance of a buffer overflow, a security vulnerability that has been discussed for 40 years yet remains one of the most frequently reported types of remote attack against computer systems.
Buffer overflows: attacks and defenses for the vulnerability of the decade
2003
Buffer overflows have been the most common form of security vulnerability for the last ten years. More over, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated. In this paper, we survey the various types of buffer overflow vulnerabilities and attacks, and survey the various defensive measures that mitigate buffer overflow vulnerabilities, including our own StackGuard method. We then consider which combinations of techniques can eliminate the problem of buffer overflow vulnerabilities, while preserving the functionality and performance of existing systems.
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
1998
This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.
A Categorized Survey on Buffer Overflow Countermeasures
2013
Buffer overflow vulnerability is a fundamental cause for most of the cyber attacks such as server breaking-in, worms, zombies, and botnets, since the attacker gets a capital control over a victim host. Many solutions to the buffer overflow attacks have been proposed in the last decade. However, on a routine basis new buffer overflow vulnerabilities are still discovered and reported. Since almost all existing solutions to the buffer overflow attack problem require significant modification to the computing infrastructure in which network applications are developed or executed, and thus have met considerable resistance in actual deployment. This paper is aimed to provide a categorized survey for the existing countermeasures to buffer overflow attack. A categorized survey is necessary in this field because researchers have proposed many software-based and hardware based countermeasures for buffer overflow exploits. These methods differ from one another in the strength of protection prov...
A Processor Architecture Defense against Buffer Overflow Attacks
Buffer overflow vulnerabilities in the memory stack continue to pose serious threats to network and computer security. By exploiting these vulnerabilities, a malicious party can strategically overwrite the return address of a procedure call, obtain control of a system, and subsequently launch more virulent attacks. Software countermeasures for such intrusions entail modifications to applications, compilers, and operating systems. Despite the availability of these defenses, many systems remain vulnerable to buffer overflow attacks.
Instruction-Level Countermeasures Against Stack-Based Buffer Overflow Attacks
Proceedings of the …, 2009
Short Paper: bufSTAT - a tool for early detection and classification of buffer overflow attacks
2005
Buffer overflows constitute by far the most frequently encountered class of attacks against computer systems. In this paper we introduce a tool, termed bufSTAT that achieves a low probability of false alarm and issues early attack warnings. BufSTAT relies on Finite State Machines (FSM) for attack modeling and can detect every stage of an ongoing attack and can thus prevent its execution by issuing early warning in a progressive manner. It can also detect sophisticated multi-stage attacks that are executed over long periods of time. A significant attribute of our approach is that it is amenable to detecting unknown attacks as well after appropriate modification of bufSTAT.
Detection of Network Buffer Overflow Attacks: A Case Study
This paper presents an automated detection method based on classification of network traffic using predefined set of network metrics. We proposed the set of metrics with focus on behavior of buffer overflow attacks and their sufficient description without the need of deep packet inspection. In this paper we describe two laboratory experiments of automated detection of buffer overflow attacks on vulnerable network services and their description by proposed set of network metrics. We present the principles of several chosen network metrics and their application on experimental attacks according to their nature in comparison to valid communication.
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
2000
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs.
Related topics
Related papers
StackOFFence: a technique for defending against buffer overflow attacks
2005
Software coding practices, in the interest of efficiency, often ignore to enforce strict bound checking on buffers, arrays and pointers. This results in software code that is more vulnerable to security intrusions exploiting buffer overflow vulnerabilities. Unfortunately, such attacks form the most common type of security threats to the computer and information systems, making it imperative to find efficient solutions for the buffer overflow vulnerabilities. Typically, an attacker is able to affect a successful intrusion by causing buffer overflow in the stack frame of a function call, thereby causing the valid return address to get overwritten by a malicious value. This allows the attacker to redirect the return from a function call to a malicious piece of code introduced by the attacker. Depending on the nature of the malicious code, the attacker is able to compromise availability, integrity, or confidentiality of a system. Researchers have suggested transforming the return address or even using an entirely separate stack for managing the return addresses. This paper describes a simple technique that ensures the integrity of the return address by pushing on the stack two copies of the return address, a transformed (or encrypted) return address value along with the original one. Before popping the return address, two return address values are compared to detect any malicious activity, thus preventing the exploitation of the stack based buffer overflow vulnerabilities. The proposed modification may be implemented at the CPU architecture level or by simple modification to the compiler's prologue and epilogue code.
Buffer Overflow Exploits
JISR management and social sciences & economics, 2003
The focus of this Study is on providing an understanding of buffer overflows, the ways they are exploited, and ways to prevent attackers from abusing them. Although this problem has been around for decades, the devastating effects have been downplayed by the commercial organizations due to the fact that they require a lot of effort to trace and to fix. This has led to a flood of software on the market which claims to be secure, yet can be exploited by wily hackers. As our reliance on closed-source and proprietary systems increases, we have to face the facts that there could be a myriad of security vulnerabilities in the very tools we use to protect critical data. To be informed is to be better armed.
A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks
For the past several years Buffer Overflow attacks have been the main method of compromising a computing system's security. Many of these attacks have been devastatingly effective, allowing the attacker to attain administrator privileges on the attacked system. We review the anatomy of these attacks and the reasons why conventional methods of defense have been ineffective, and likely to remain so in the foreseeable future. Recently, however, several promising methods of defense have been proposed. We compare the strengths and weaknesses of these defense methods.
Classification and Prevention Techniques of Buffer Overflow Attacks
In computer world there are many types of input validation attacks, in which "Buffer Overflow Attacks" is one of the most important types of attacks. Buffer overflow attacks create more dangerous to handle. Buffer Overflow is an anomaly where a programmer writes a data in a buffer, that overruns boundary of the buffer and overwrites the adjacent memory. This give the result erratic program types, such as memory access error, wrong results, a crash or break the computer security. In this paper, we discuss the classification of buffer overflow according to the generation, and prevention techniques of buffer overflow vulnerabilities.
IRJET- Buffer Overflows Attacks & Defense
IRJET, 2020
Buffer overflows is one of the most common form of security vulnerability. It may lead to an anonymous Internet user to gain control (partial or total) of a server. Mitigating buffer overflow vulnerabilities we can reduce most of the serious security threats. In this paper, we survey the various types of buffer overflow vulnerabilities and attacks, and survey the various defensive measures that mitigate buffer overflow vulnerabilities.
Buffer Overrun: Techniques of Attack and Its Prevention
Buffer Overflow attack has been considered as one of the important security breaches in modern software systems that has proven difficult to mitigate. This attack allows the attacker to get the administrative control of the root-privilege by using the buffer overflow techniques by overwriting on the address of a returned function, function pointer stored on the memory and overflow a buffer on the heap. In this paper, we present the different buffer overflow techniques used by the exploiters and the methodologies applied to mitigate the buffer overflow.
Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems
Procedia Computer Science, 2016
We address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully detect and react whenever a stack buffer overflow occurs. Our solution requires no compile-time support and so can be applied to any program, including legacy or closed source software for which the source code is not available. This makes it especially useful in HPC environments where given their complexity and scope of the computing system, incidents like overflows might be difficult to detect and react to accordingly.
Buffer overflow: Mechanism and countermeasures
IJARIIT, 2018
The invention of Computers, Information Technology and thence Internet has led humanity to a new era of revolution. We, as humans, have stored more data in the last 20 years than the whole of human history. In May 2018 Forbes announced that we have created 90% of data all data in the past two years. That describes the way information storage and usage is picking up the pace. But are our basic pillars of storing data and processing full proof and completely secure? Buffer Overflow is currently the most hostile vulnerability in the basics of information storage and processing of our computing technology. The paper discusses this vulnerability in thorough details. Ways systems are coping up with this and methods used to overcome this vulnerability present in the basics of our most important invention.
StackGuard: Automatic Adaptive Detection and Prevention of
This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.
Architecture support for defending against buffer overflow attacks
Workshop on Evaluating and …, 2002
Buffer overflow attacks are the predominant threat tothe secure operation of network and in particular, Internetbasedapplications. Stack smashing is a common mode ofbuffer overflow attack for hijacking system control. Thispaper evaluates two architecture-based techniques to defendsystems against such attacks: (1) the split control anddata stack, and (2) secure return address stack (SRAS). Thesplit stack approach separates control and data stack
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.