The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant portion of security attacks. We present two new methods to detect and handle such attacks. In contrast to previous work, the new methods work with any existing pre-compiled executable and can be used transparently per-process as well as on a system-wide basis. The first method intercepts all calls to library functions known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. The second method uses binary modification of the process memory to force verification of critical elements of stacks before use. We have implemented both methods on Linux as dynamically loadable libraries and shown that both libraries detect several known attacks. The performance overhead of these libraries ranges from negligible to 15%.
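The first method's containment check can be illustrated on a small model of the stack. This is an added example, not code from the paper: `model_stack`, `frame_limit`, `contained_strcpy` and `build_demo` are hypothetical names, the stack contents are constructed, and finding the owning frame by walking saved frame pointers is an assumption about how the bound is computed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a downward-growing stack: mem[fp] holds the caller's
   frame pointer (an offset into mem); a frame's locals sit just below its fp. */
#define STACK_SIZE 256
#define NO_FRAME ((size_t)-1)
typedef struct { unsigned char mem[STACK_SIZE]; size_t fp; } model_stack;

static size_t saved_fp(const model_stack *s, size_t fp) {
    size_t v; memcpy(&v, &s->mem[fp], sizeof v); return v;
}

/* Bytes writable at dst before reaching the saved frame pointer of the frame
   that owns dst. Assumption: the owner is found by walking the fp chain. */
size_t frame_limit(const model_stack *s, size_t dst) {
    size_t fp = s->fp;
    while (fp != NO_FRAME && fp <= dst) {
        if (fp > STACK_SIZE - sizeof(size_t)) return 0;  /* chain left the stack */
        size_t next = saved_fp(s, fp);
        if (next != NO_FRAME && next <= fp) return 0;    /* chain must ascend */
        fp = next;
    }
    return (fp == NO_FRAME || fp > STACK_SIZE) ? 0 : fp - dst;
}

/* Substitute strcpy: refuses any copy that would leave dst's frame (-1). */
int contained_strcpy(model_stack *s, size_t dst, const char *src) {
    size_t need = strlen(src) + 1;                 /* include the NUL byte */
    if (need > frame_limit(s, dst)) return -1;     /* a real wrapper would log and abort */
    memcpy(&s->mem[dst], src, need);
    return 0;
}

/* Constructed layout: outer fp at 200, inner fp at 100, 16-byte buffer at 84. */
void build_demo(model_stack *s) {
    size_t none = NO_FRAME, outer = 200;
    memset(s->mem, 0, sizeof s->mem);
    memcpy(&s->mem[200], &none, sizeof none);
    memcpy(&s->mem[100], &outer, sizeof outer);
    s->fp = 100;
}

int main(void) {
    model_stack s; build_demo(&s);
    printf("limit=%zu fit=%d\n", frame_limit(&s, 84), contained_strcpy(&s, 84, "fits"));
    return 0;
}
```

The check protects the saved frame pointer and everything above it, but not other local variables inside the same frame, which is the sense in which an overflow is contained rather than prevented.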