Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. Buer over ows: Attacks and defenses for the vulnerability of the decade. In Proc. 2000.  Home/Search   Document Not in Database   Summary   Related Articles   Check

..... 40 5.13 STOBO results for net tools 1.46, warning type 1 . 40 5.14 STOBO results for net tools 1.46, warning type 2 . 41 iv 1 Chapter 1 Introduction 1. 1 The Problem Bu er over ow vulnerabilities are one of the most common security aws [7]. Over the past few years, they have accounted for up to 50 of the advisories issued by CERT, demonstrating just how serious the issue is. A bu er over ow aw typically results when a programmer fails to do bounds checking when writing data into a xed length bu er. Even when bounds checking is ....

C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buer Over ows: Attacks and Defenses for the Vulnerability of the Decade. In Proceedings of the DARPA Information Survivability Conference and Expo, 1999.

....overwrite portions of the stack frame. Hackers have exploited this e ect to redirect the instruction pointer in the stack frame to malicious code within the string and thereby gain partial or total control of a host [17] Bu er overruns are a particularly widespread class of security vulnerability [5] and the National Security Agency predicts that overrun attacks will continue to be a problem for at least the next decade [20] Finding security faults, such as string handling that may overrun, has been likened to the problem of nding a needle in a hay stack [11] This paper describes an ....

....become less tractable as the number of variables increase. This is an eciency issue. More subtle is the correctness issue that relates to pointers that de nitely or possibly point to the same bu er. This is illustrated in the following code: 1 char p, q, s[32] t[32] 2 strcpy(s, Boat ) s[5] 3 strcpy(t, Aero ) s[5] t[4] 4 p = t 4; p[4] s[5] t[4] 5 strcat(p, plane ) p[10] s[5] t[10] 6 if (rand( q=s; else q=t; p[10] q[5,10] s[5] t[10] 7 strcat(q, to R eunion ) p[10,20] q[15,20] s[5,15] t[10,20] The comments indicate the possible null ....

[Article contains additional citation context not shown here]

C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buer Over ows: Attacks and Defenses for the Vulnerability of the Decade. In Information Survivability Conference and Exposition, volume II, pages 154-163. IEEE Press, 1998.

....tools are usually not used in production. Moreover, their e ectiveness strongly depends on the input tested, and these checks do not assure against future bugs on di erent inputs. There are tools that directly identify cleanness violations leading to security vulnerabilities such as StackGuard [6]. An unpublished success story in program analysis is the usage of the AST ToolKit to identify 23 string violation bugs in Oce 10 by scanning syntax trees [19] An extension to LCLint, a widely used static checking tool, which checks for bu er over ow vulnerabilities is presented in [11] ....

C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buer over ows: attacks and defenses for the vulnerability of the decade. In In Proc. of the DARPA Information Survivability Conference and Expo, 1999.

No context found.

Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. Buer over ows: Attacks and defenses for the vulnerability of the decade. In Proc. 2000.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC