A Taxonomy of Buffer Overflow Characteristics

被引:18
|
作者
Bishop, Matt [1 ]
Engle, Sophie [2 ]
Howard, Damien [3 ]
Whalen, Sean [4 ]
机构
[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA
[2] Univ San Francisco, Dept Comp Sci, San Francisco, CA 94117 USA
[3] Knobbe Martens Olson & Bear LLP, Irvine, CA 92614 USA
[4] Columbia Univ, Dept Comp Sci, New York, NY 10027 USA
来源
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING | 2012年 / 9卷 / 03期
基金
美国国家科学基金会;
关键词
Protection mechanisms; software/program verification; security and privacy; arrays;
D O I
10.1109/TDSC.2012.10
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a nonsecure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.
引用
收藏
页码:305 / 317
页数:13
相关论文
共 50 条
  • [31] Analysis Of Re-sequencing Buffer Overflow Probability Based On Stochastic Delay Characteristics
    Zhou, Dongmei
    Li, Hongyan
    Li, Jiandong
    2013 IEEE 24TH INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR, AND MOBILE RADIO COMMUNICATIONS (PIMRC), 2013, : 2490 - 2495
  • [32] Detection and prevention of stack buffer overflow attacks
    Kuperman, BA
    Brodley, CE
    Ozdoganoglu, H
    Vijaykumar, TN
    Jalote, A
    COMMUNICATIONS OF THE ACM, 2005, 48 (11) : 50 - 56
  • [33] A Combinatorial Approach to Detecting Buffer Overflow Vulnerabilities
    Wang, Wenhua
    Lei, Yu
    Liu, Donggang
    Kung, David
    Csallner, Christoph
    Zhang, Dazhi
    Kacker, Raghu
    Kuhn, Rick
    2011 IEEE/IFIP 41ST INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN), 2011, : 269 - 278
  • [34] ASSESSING TEST SUITES FOR BUFFER OVERFLOW VULNERABILITIES
    Shahriar, Hossain
    Zulkernine, Mohammad
    INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2010, 20 (01) : 73 - 101
  • [35] Evolving buffer overflow attacks with detector feedback
    Kayacik, H. Gunes
    Heywood, Malcolm I.
    Zincir-Heywood, A. Nur
    APPLICATIONS OF EVOLUTIONARY COMPUTING, PROCEEDINGS, 2007, 4448 : 11 - +
  • [36] Defending against Buffer-Overflow Vulnerabilities
    Padmanabhuni, Bindu Madhavi
    Tan, Hee Beng Kuan
    COMPUTER, 2011, 44 (11) : 53 - 60
  • [37] Defeating buffer overflow attacks via virtualization
    Tian, Donghai
    Xiong, Xi
    Hu, Changzhen
    Liu, Peng
    COMPUTERS & ELECTRICAL ENGINEERING, 2014, 40 (06) : 1940 - 1950
  • [38] Self-prevention of socket buffer overflow
    Choi, Jin-Hee
    Kim, Young-Pil
    Yoo, Chuck
    COMPUTER NETWORKS, 2007, 51 (08) : 1942 - 1954
  • [39] Defeating Buffer Overflow A Trivial but Dangerous Bug
    Black, Paul E.
    Bojanova, Irena
    IT PROFESSIONAL, 2016, 18 (06) : 58 - 61
  • [40] Estimation of buffer overflow probability by OPNET modeling
    Kulikovs, Mihails
    Petersons, Ernests
    INFORMATION TECHNOLOGIES' 2008, PROCEEDINGS, 2008, : 145 - 149
12345