Prospector : accurate analysis of heap and stack overflows by means of age stamps
نویسنده
چکیده
Heap and stack buffer overflows are still among the most common attack vectors in intrusion attempts. In this paper, we ask a simple question that is surprisingly difficult to answer: which bytes contributed to the overflow? By careful observation of all scenarios that may occur in overflows, we identified the information that needs to be tracked to pinpoint the offending bytes. There are many reasons why this is a hard problem. For instance, by the time an overflow is detected some of the bytes may already have been overwritten, creating gaps. Additionally, it is hard to tell the offending bytes apart from unrelated network data. In our solution, we tag data from the network with an age stamp whenever it is written to a buffer. Doing so allows us to distinguish between different bytes and ignore gaps, and provide precise analysis of the offending bytes. By tracing these bytes to protocol fields, we obtain accurate signatures that cater to polymorphic attacks.
منابع مشابه
HeapShield: Library-Based Heap Overflow Protection for Free
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both a security vulnerability and a frequent source of bugs. Previous approaches to preventing these overflows require source code or can slow programs down by a factor of two or more. We present HeapShield, an approach that prevents all library-based heap overflows at runtime. It works with arbitrary...
متن کاملRun-time Detection of Heap-based Overflows
Buffer overflows belong to the most common class of attacks on today’s Internet. Although stack-based variants are still by far more frequent and well-understood, heap-based overflows have recently gained more attention. Several real-world exploits have been published that corrupt heap management information and allow arbitrary code execution with the privileges of the victim process. This pape...
متن کاملDetecting Heap Smashing Attacks through Fault Containment Wrappers
Buffer overflow attacks are a major cause of security breaches in modern operating systems. Not only are overflows of buffers on the stack a security threat, overflows of buffers kept on the heap can be too. A malicious user might be able to hijack the control flow of a root-privileged program if the user can initiate an overflow of a buffer on the heap when this overflow overwrites a function ...
متن کاملA Taxonomy of Buffer Overflows for Evaluating Static and Dynamic Software Testing Tools*
A taxonomy that uses twenty-two attributes to characterize Cprogram overflows was used to construct 291 small C-program test cases that can be used to diagnostically determine the basic capabilities of static and dynamic analysis buffer overflow detection tools. Attributes in the taxonomy include the buffer location (e.g. stack, heap, data region, BSS, shared memory); scope difference between b...
متن کاملStability Analysis and Stabilization of Miduk Heap Leaching Structure, Iran
To construct copper heap leaching structures, a stepped heap of ore is placed over an isolated sloping surface and then washed with sulphuric acid. The isolated bed of such a heap consists of some natural and geosynthetic layers. Shear strength parameters between these layers are low, so they form the possible sliding surfaces of the heaps. Economic and environmental considerations call for stu...
متن کامل