A Taxonomy of Buffer Overflow Characteristics

Cited by: 18
Authors
Bishop, Matt [1]
Engle, Sophie [2]
Howard, Damien [3]
Whalen, Sean [4]
Affiliations
[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA
[2] Univ San Francisco, Dept Comp Sci, San Francisco, CA 94117 USA
[3] Knobbe Martens Olson & Bear LLP, Irvine, CA 92614 USA
[4] Columbia Univ, Dept Comp Sci, New York, NY 10027 USA
Funding
U.S. National Science Foundation;
Keywords
Protection mechanisms; software/program verification; security and privacy; arrays;
DOI
10.1109/TDSC.2012.10
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a nonsecure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.
Pages: 305 / 317
Page count: 13
Related papers
50 items in total
  • [21] Automatic Buffer Overflow Warning Validation
    Feng-Juan Gao
    Yu Wang
    Lin-Zhang Wang
    Zijiang Yang
    Xuan-Dong Li
    Journal of Computer Science and Technology, 2020, 35 : 1406 - 1427
  • [22] Automatic Buffer Overflow Warning Validation
    Gao, Feng-Juan
    Wang, Yu
    Wang, Lin-Zhang
    Yang, Zijiang
    Li, Xuan-Dong
    JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY, 2020, 35 (06) : 1406 - 1427
  • [24] Buffer Overflow Detection on Binary Code
    郑燕飞
    李晖
    陈克非
    Journal of Shanghai Jiaotong University(Science), 2006, (02) : 224 - 229
  • [25] A Poisson limit for buffer overflow probabilities
    Cao, J
    Ramanan, K
    IEEE INFOCOM 2002: THE CONFERENCE ON COMPUTER COMMUNICATIONS, VOLS 1-3, PROCEEDINGS, 2002, : 994 - 1003
  • [26] BUFFER OVERFLOW EXPLOIT AND DEFENSIVE TECHNIQUES
    Fu, Desheng
    Shi, Feiyue
    2012 FOURTH INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY (MINES 2012), 2012, : 87 - 90
  • [27] Buffer Overflow Attack and Defense Techniques
    Alzahrani, Sabah M.
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2021, 21 (12): : 207 - 212
  • [28] Buffer overflow period in a MAP queue
    Chydzinski, Andrzej
    MATHEMATICAL PROBLEMS IN ENGINEERING, 2007, 2007
  • [29] Buffer overflow management with class segregation
    Al-Bawani, Kamal
    Souza, Alexander
    INFORMATION PROCESSING LETTERS, 2013, 113 (04) : 145 - 150
  • [30] Precisely detecting buffer overflow vulnerabilities
    Wang, Lei
    Li, Ji
    Li, Bo-Yang
    Tien Tzu Hsueh Pao/Acta Electronica Sinica, 2008, 36 (11): : 2200 - 2204