Yves Younan, Wouter Joosen, Frank Piessens  Home/Search
Context
Related
| fortknox.org/youn...countermeasures.ps Cached: PS.gz PS PDF This document uses CoBlitz to cache paper downloads. If your firewall is blocking outgoing connections to port 3125, you can use these links to download local copies.
Image Update HelpPS.gz PS PDF From: fortknox.org (more) (Enter author homepages) |
Rate this article:      (best)Comment on this article |
Abstract: This paper proposes a methodology to develop countermeasures against code injection attacks, and validates the methodology by working out a specific countermeasure. This methodology is based on modeling the execution environment of a program. Such a model is then used to build countermeasures. The paper justifies the need for a more structured approach to protect programs against code injection attacks: we examine advanced techniques for injecting code into C and C++ programs and we discuss... (Update)
Active bibliography (related documents): More All
8.0: A Methodology for Designing Countermeasures Against.. - Younan, Joosen, Piessens (2004) (Correct)
3.6: Code Inection in C and CPP: A Survey of Vulnerabilities.. - Younan, Joosen, Piessens (2004) (Correct)
1.8: Security of memory allocators for C and C++ - Younan, Joosen, Piessens, Van.. (2005) (Correct)
Similar documents based on text: More All
0.2: CORRELATE: High-Level Support for Traveling Agents - Joosen, Matthijs, Van.. (1996) (Correct)
0.2: AOSD is an enabler for good enough security - Bart De Win (2003) (Correct)
0.2: View Connectors for the integration of Domain.. - Verhanneman.. (2004) (Correct)
BibTeX entry: (Update)
@inproceedings{ younan:2005:amf,
author = "Yves Younan and Wouter Joosen and Frank Piessens",
title = "A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks",
booktitle = "Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005)",
year = "2005",
address = "College Park, Maryland, U.S.A.",
month = mar,
organization = "IEEE",
publisher = "IEEE Press",
url = "citeseer.ist.psu.edu/article/younan05methodology.html" }
Citations (may not include all citations):141 StackGuard: Automatic adaptive detection and prevention of b.. - Cowan, Pu et al. - 1998
88 Cyclone: A safe dialect of C - Jim, Morrisett et al. - 2002
67 CCured: Type-safe retrofitting of legacy code - Necula, McPeak et al. - 2002
61 IA-32 Intel Architecture Software Developer's Manual Volume .. (context) - Corporation - 2001
54 Transparent run-time defense against stack smashing attacks - Baratloo, Singh et al. - 2000
45 Efficient detection of all pointer and array access errors - Austin, Breach et al. - 1994
27 StackGhost: Hardware facilitated stack protection - Frantzen, Shuey - 2001
25 Bypassing Stackguard and stackshield (context) - Kil - 2000
21 Countering code-injection attacks with instruction-set rando.. (context) - Kc, Keromytis et al.
21 Linkers and Loaders (context) - Levine - 1999
16 Randomized instruction set emulation to disrupt binary code .. - Barrantes, Ackley et al.
16 PointGuard: protecting pointers from buffer overflow vulnera.. (context) - Cowan, Beattie et al. - 2003
14 RAD: A compile-time solution to buffer overflow attacks - Chiueh, Hsu - 2001
14 Type-assisted dynamic buffer overflow detection - Lhee, Chapin - 2002
13 Transparent runtime randomization for security (context) - Xu, Kalbarczyk et al. - 2003
12 Adding run-time checking to the portable C compiler (context) - Steffen - 1992
12 Bcc: Runtime checking for C programs (context) - Kendall - 1983
11 Protecting from stack-smashing attacks (context) - Etoh, Yoda - 2000
10 A practical dynamic buffer overflow detector - Ruwase, Lam - 2004
10 Multics security evaluation: Vulnerability analysis (context) - Karger, Schell - 1974
9 Vudo - an object superstitiously believed to embody magical .. (context) - Kaempf - 2001
7 programs from attacks via invalid pointer dereferences (context) - Yong, Horwitz - 2003
7 Run-time detection of heap-based overflows (context) - Robertson, Kruegel et al. - 2003
6 Defeating solar designer nonexecutable stack patch (context) - Wojtczuk - 1998
5 JPEG COM marker processing vulnerability in netscape browser.. (context) - Designer - 2000
5 Fail-safe ANSI-C compiler: An approach to making C programs .. - Oiwa, Sekiguchi et al. - 2002
5 Comments in source code (context) - Lea, Gloger et al.
4 ContraPolice: a libc extension for protecting applications f.. (context) - Krennmair - 2003
4 Exploit for CVS double free (context) - Dobrovitski - 2003
4 An overview of common programming security vulnerabilities a.. - Younan - 2003
4 Backwardscompatible bounds checking for arrays and pointers .. (context) - Jones, Kelly - 1997
3 comlibraryen us dv_vstecharthtmlvctchCompile% rSecurityCheck.. (context) - security, depth et al. - 2002
3 security-protocols (context) - heap, http - 2003
3 Getting around non-executable stack (context) - Designer - 1997
3 International Organization for Standards (context) - SC, ISO et al. - 1999
3 Defeating the stack based buffer overflow prevention mechani.. (context) - Litchfield - 2003
2 Righting software (context) - Larus, Ball et al. - 2004
2 Repaired security bugs in multics (context) - Saltzer - 1977
2 A Representation of the free operation in the model Modify M.. (context) - Younan, Joosen et al. - 2004
2 Posted vuln dev mailinglist httpwww (context) - in, Posted et al. - 2000
2 Posted Bugtraq mailinglist httpwww (context) - the, Posted et al. - 2000
http://www.angelfire.com/sk/stackshield
http://gcc.gnu.org/
www.openwall.com
http://research.microsoft
http://pageexec.virtualave
Documents on the same site (http://fort-knox.org):
Code Inection in C and CPP: A Survey of Vulnerabilities.. - Younan, Joosen, Piessens (2004) (Correct)
Security of memory allocators for C and C++ - Younan, Joosen, Piessens, Van.. (2005) (Correct)
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC