Smashing the stack - A 25 year retrospective
Author
Abstract
Buffer overflows remain a problem for software today. Even with address space randomization and non-executable stacks, software remains vulnerable to clever exploits. In this paper we introduce the buffer overflow through a practical example and take a retrospective look at the past 25 years of the arms race between buffer overflow exploits and protections.
Similar resources
Using Greedy Hamiltonian Call Paths to Detect Stack Smashing Attacks
The ICAT statistics over the past few years have shown at least one out of every five CVE and CVE candidate vulnerabilities have been due to buffer overflows. This constitutes a significant portion of today’s computer related security concerns. In this paper we introduce a novel method for detecting stack smashing and buffer overflow attacks. Our runtime method extracts return addresses from th...
Transparent Run-Time Defense Against Stack-Smashing Attacks
Arash Baratloo and Navjot Singh, Bell Labs Research, Lucent Technologies, 600 Mountain Ave, Murray Hill, NJ 07974 USA; Timothy Tsai, Reliable Software Technologies, 21351 Ridgetop Circle, Suite 400, Dulles, VA 20166 USA. Abstract: The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant port...
Defending Embedded Systems Against Buffer Overflow via Hardware/Software
Buffer overflow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. In this paper, we propose the Hardware/Software Address Protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack s...
StackGuard: Simple Stack Smash Protection for GCC
Since 1998, StackGuard patches to GCC have been used to protect entire distributions from stack smashing buffer overflows. Performance overhead and software compatibility issues have been minimal. In its history, the parts of GCC that StackGuard has operated in have twice changed enough to require complete overhauls of the StackGuard patch. Since StackGuard is a mature technology, even seeing r...
Detecting Stack Layout Corruptions with Robust Stack Unwinding
The stack is a critical memory structure to ensure the correct execution of programs because control flow changes through the data stored in it, such as return addresses and function pointers. Thus the stack has been a popular target of many attacks and exploits like stack smashing attacks and return-oriented programming (ROP). We present a novel system to detect the corruption of the stack lay...