Lackwit: a program understanding tool based on type inference
ICSE '97 Proceedings of the 19th international conference on Software engineering
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Using internal sensors and embedded detectors for intrusion detection
Journal of Computer Security
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
Automatic discovery of API-level exploits
Proceedings of the 27th international conference on Software engineering
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the 12th ACM conference on Computer and communications security
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
Secure and practical defense against code-injection attacks using software dynamic translation
Proceedings of the 2nd international conference on Virtual execution environments
An Integrated Framework for Dependable and Revivable Architectures Using Multicore Processors
Proceedings of the 33rd annual international symposium on Computer Architecture
SPEE: a secure program execution environment tool using code integrity checking
Journal of High Speed Networks - Special issue on trusted internet workshop (TIW) 2004
SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address
IEEE Transactions on Computers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
RaceGuard: kernel protection from temporary file race vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
RaceGuard: kernel protection from temporary file race vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Switchblade: enforcing dynamic personalized system call models
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
FormatShield: A Binary Rewriting Defense against Format String Attacks
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
MEDS: The Memory Error Detection System
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Low-level software security: attacks and defenses
Foundations of security analysis and design IV
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Fine-grained user-space security through virtualization
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Finite state machine based approach to prevent format string attacks
ACM SIGSOFT Software Engineering Notes
REASSURE: a self-contained mechanism for healing software using rescue points
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Transparent run-time prevention of format-string attacks via dynamic taint and flexible validation
ISC'06 Proceedings of the 9th international conference on Information Security
SafeCard: a gigabit IPS on the network card
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Kimchi: a binary rewriting defense against format string attacks
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Memory errors: the past, the present, and the future
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
String oriented programming: when ASLR is not enough
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
ASIST: architectural support for instruction set randomization
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
In June 2000, a major new class of vulnerabilities called "format bugs" was discovered when an vulnerability in WU-FTP appeared that acted almost like a buffer overflow, but wasn't. Since then, dozens of format string vulnerabilities have appeared. This paper describes the format bug problem, and presents FormatGuard: our proposed solution. FormatGuard is a small patch to glibc that provides general protection against format bugs. We show that FormatGuard is effective in protecting several real programs with format vulnerabilities against live exploits, and we show that FormatGuard imposes minimal compatibility and performance costs.