A Taxonomy of Buffer Overflow Characteristics

Cited by: 18
Authors
Bishop, Matt [1]
Engle, Sophie [2]
Howard, Damien [3]
Whalen, Sean [4]
Affiliations
[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA
[2] Univ San Francisco, Dept Comp Sci, San Francisco, CA 94117 USA
[3] Knobbe Martens Olson & Bear LLP, Irvine, CA 92614 USA
[4] Columbia Univ, Dept Comp Sci, New York, NY 10027 USA
Funding
US National Science Foundation;
Keywords
Protection mechanisms; software/program verification; security and privacy; arrays;
DOI
10.1109/TDSC.2012.10
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a nonsecure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.
Pages: 305 - 317
Page count: 13