A survey of buffer overflow attacks and techniques used to prevent them

A survey of buffer overflow attacks and techniques used to prevent them

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
— 1 — Abstract Buffer overflows have been the most common form of security vulnerability for the last ten years. More over, buffer overflow vulnerabilities dominate the area of remote network penetra- tion vulnerabilities, where an anonymous Inter- net user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated. In this paper, we survey the various types of buffer overflow vulnerabilities and attacks, and survey the various defensive mea- sures that mitigate buffer overflow vulnerabili- ties, including our own StackGuard method. We then consider which combinations of techniques can eliminate the problem of buffer overflow vulnerabilities, while preserving the functional- ity and performance of existing systems. 1 Introduction Buffer overflows have been the most common form of security vulnerability in the last ten years. More over, buffer overflow vulnerabilities dominate in the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. Because these kinds of attacks enable anyone to take total control of a host, they repre- sent one of the most serious classes security threats. Buffer overflow attacks form a substantial portion of all security attacks simply because buffer overflow vulnerabilities are so common [15] and so easy to exploit [30, 28, 35, 20]. However, buffer overflow vul- nerabilities particularly dominate in the class of remote penetration attacks because a buffer overflow vulnera- bility presents the attacker with exactly what they need: the ability to inject and execute attack code. The injected attack code runs with the privileges of the vul- nerable program, and allows the attacker to bootstrap whatever other functionality is needed to control (“own” in the underground vernacular) the host com- puter. For instance, among the five “new” “remote to local” attacks used in the 1998 Lincoln Labs intrusion detection evaluation, three were essentially social engi- neering attacks that snooped user credentials, and two were buffer overflows. 9 of 13 CERT advisories from 1998 involved buffer overflows [34] and at least half of 1999 CERT advisories involve buffer overflows [5]. An informal survey on the Bugtraq security vulnerability mailing list [29] showed that approximately 2/3 of respondents felt that buffer overflows are the leading cause of security vulnerability. 1 Buffer overflow vulnerabilities and attacks come in a variety of forms, which we describe and classify in Section 2. Defenses against buffer overflow attacks similarly come in a variety of forms, which we describe in Section 3, including which kinds of attacks and vul- nerabilities these defenses are effective against. The Immunix project has developed the StackGuard defen- sive mechanism [14, 11], which has been shown to be highly effective at resisting attacks without compromis-
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 05/14/2008 for the course CS 503 taught by Professor Kihongpark during the Spring '07 term at Purdue University-West Lafayette.

Page1 / 11

A survey of buffer overflow attacks and techniques used to prevent them

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online