In: USENIX security symposium, San Francisco, pp 191–206Īkritidis P, Markatos E, Polychronakis M, Anagnostakis K (2005) STRIDE: polymorphic sled detection through instruction sequence analysis. Kiriansky V, Bruening D, Amarasinghe S (2002) Secure execution via program shepherding. Buffer overflows typically have a high severity ranking because they can lead to unauthorized code execution in cases where attackers can control the overwritten. In: ASPLOS, New York, pp 85–96Ĭrandall J, Chong F (2004) Minos: control data attack prevention orthogonal to memory model. A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. Sending too much data to an application that allows an attacker to run arbitrary code. Suh G, Lee J, Zhang D, Devadas S (2004) Secure program execution via dynamic information flow tracking. Using a dictionary file to crack passwords. Flaws in buffer overflows can exist in both application servers and web servers, especially web applications that use libraries like graphics libraries. In: ACM CCS, Washington, DC, pp 281–289Ībadi M, Budiu M, Erlingsson U, Ligatti J (2005) Control-flow integrity. Attackers use a buffer overflow to corrupt a web application’s execution stack, execute arbitrary code, and take over a machine. In: ACM CCS, Washington, DC, pp 272–280īarrantes E, Ackley D, Forrest S, Palmer T, Stefanovic D, Zovi D (2003) Randomized instruction set emulation to disrupt binary code injection attacks. Kc G, Keromytis A, Prevelakis V (2003) Countering code-injection attacks with instruction-set randomization. In: USENIX security symposium, San Antonio, pp 63–78 In: ACM CCS, Washington, DC, pp 298–307Ĭowan C, Pu C, Maier D, Hinton H, Bakke P, Beattie S, Grier A, Wagle P, Zhang Q (1998) Stackguard: automatic detection and prevention of buffer-overflow attacks. Shacham H, Page M, Pfaff B, Goh EJ, Modadugu N, Boneh D (2004) On the effectiveness of address-space randomization. In: USENIX security symposium, Washington, DC, pp 105–120 In: ACM CCS, Alexandria, pp 322–335īhatkar S, DuVarney D, Sekar R (2003) Address obfuscation: an efficient approach to combat a broad range of memory error exploits. data exceeds the size of the temporary space that is allocated in the memory to hold data. In: USENIX security symposium, Baltimore, pp 177–192Ĭadar C, Ganesh V, Pawlowski P, Dill D, Engler D (2006) EXE: automatically generating inputs of death. In: ACM CCS, Alexandria, pp 552–561Ĭhen S, Xu J, Sezer E, Gauriar P, Iyer R (2005) Non-control-data attacks are realistic threats. Shacham H (2007) The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). Levy E (1996) Smashing the stack for fun and profit.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |