See this document in CiteSeerX!

Libsafe: Protecting Critical Elements of Stacks (2001)  (Make Corrections)  (2 citations)
Timothy K. Tsai, Navjot Singh



  Home/Search   Context   Related

 
View or download:
avayalabs.com/tech...2001019paper.pdf
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  avayalabs.com/techreportY (more)
(Enter author homepages)

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant portion of security attacks. We present a new method to detect and handle such attacks. In contrast to previous methods, this new method works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the... (Update)

Context of citations to this paper:   More

...trl.ibm.com projects security ssp 3. 6 Libsafe and Libverify Another defense against buffer overflows presented by Arash Baratloo et al. [1] is Libsafe. This tool actually provides a combination of static and dynamic intrusion prevention. Statically it patches library functions...

Cited by:   More
Adaptive Security Policies Enforced By Software Dynamic Translation - Lamanna (2002)   (Correct)
A Comparison of Publicly Available Tools for Dynamic Buffer.. - Wilander, Kamkar (2003)   (Correct)

Similar documents (at the sentence level):
39.9%:   Transparent Run-Time Defense Against Stack Smashing Attacks - Baratloo, Singh, Tsai (2000)   (Correct)
37.5%:   Libsafe: Protecting Critical Elements of Stacks - Baratloo, Tsai, Singh (1999)   (Correct)
17.4%:   Libsafe 2.0: Detection of Format String Vulnerability Exploits - Tsai, Singh (2001)   (Correct)

Active bibliography (related documents):   More   All
0.3:   The Principle, Attack Patterns, and Defense Methods of Buffer.. - Hsu (2000)   (Correct)
0.2:   Architecture Support for Defending Against Buffer.. - Xu, Kalbarczyk, Patel.. (2002)   (Correct)
0.1:   A Methodology for Designing Countermeasures Against.. - Younan, Joosen, Piessens (2005)   (Correct)

Similar documents based on text:   More   All
0.8:   Testing C Programs for Buffer Overflow Vulnerabilities - Haugh, Bishop (2003)   (Correct)
0.6:   A Binary Rewriting Defense against Stack Based Overflow attacks - Prasad, Chiueh   (Correct)
0.5:   Understanding and Predicting Effort in Software Projects - Mockus, Weiss, Zhang (2002)   (Correct)

Related documents from co-citation:   More   All
2:   Statically Detecting Likely Buffer Overflow Vulnerabilities - Larochelle, Evans - 2001
2:   Transparent run-time defense against stack smashing attacks - Baratloo, Tsai et al. - 2000

BibTeX entry:   (Update)

A. Baratloo, N. Singh, and T. Tsai. Libsafe: Protecting critical elements of stacks. White Paper http://www.research.avayalabs.com/ project/libsafe/, December 1999. http://citeseer.ist.psu.edu/baratloo01libsafe.html   More

@misc{ baratloo99libsafe,
  author = "A. Baratloo and N. Singh and T. Tsai",
  title = "Libsafe: Protecting critical elements of stacks",
  text = "A. Baratloo, N. Singh, and T. Tsai. Libsafe: Protecting critical elements
    of stacks. White Paper http://www.research.avayalabs.com/ project/libsafe/,
    December 1999.",
  year = "1999",
  url = "citeseer.ist.psu.edu/baratloo01libsafe.html" }
Citations (may not include all citations):
175   A secure environment for untrusted helper applications - Goldberg, Wagner et al. - 1996
141   StackGuard: automatic adaptive detection and prevention of b.. - Cowan, Pu et al. - 1998
100   Interposition agents: Transparently interposing user code at.. - Jones - 1993
88   Static detection of dynamic memory errors - Evans - 1996
72   A first step towards automated detection of buffer overrun v.. - Wagner, Foster et al. - 2000
66   Smashing the stack for fun and profit (context) - One - 1998
54   Transparent run-time defense against stack smashing attacks - Baratloo, Tsai et al. - 2000
31   Mediating connectors (context) - Balzer, Goldman - 1999
28   A tour of the worm (context) - Seeley - 1989
22   With microscope and tweezers: An analysis of the internet vi.. - Eichin, Rochlis - 1988
20   Computer Science Technical Report (context) - Johnson, checker et al. - 1977
19   Stack smashing vulnerabilities in the UNIX operating system (context) - Smith - 1997
14   With microscope and tweezers: The worm from MIT's perspectiv.. (context) - Rochlis, Eichin - 1989
6   Defeating solar designer non-executable stack path (context) - Wojtczuk - 1998
4   Attack class: Buffer overflows (context) - Thomas - 1999
3   netpubunixlocal libc letter and httpwww (context) - Increasing, ftp et al. - 1997
3   Posting to linux kernel mailing list (context) - Torvalds - 1998
3   Stack smashing: What to do (context) - Instenes - 1997
1   httpgeek girl (context) - http, com - 1999
1   Extending the operating system at the user-leveh the Ufo glo.. (context) - Alexandrov, Ibel et al. - 1997
http://securityfocus.com/frames/?content=/templates/article

Documents on the same site (http://www.research.avayalabs.com/techreportY.html):   More
AMC: An Adaptive Model Checker - Groce, Peled (2002)   (Correct)
Profiling UNIX Users And Processes Based on Rarity of Occurrence .. - Ju, Vardi (2001)   (Correct)
Goal-Oriented Software Assessment - Weiss, Bennett, Payseur, Tendick.. (2001)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC