Virgil Gligor, Serban Gavrila, and Sabari Gupta. Penetration Analysis Tools. Personal Communications, July 1997.  Home/Search   Document Not in Database   Summary   Related Articles

....[19] for specifying these policy choices. StackGuard comes with a performance price, and can be viewed as an insurance policy. If one is very sure that a program is correct, i.e. contains no buffer overflow vulnerabilities because it has been verified using formal methods, or a validation tool [9], then the program can be re compiled and installed without benefit of StackGuard. StackGuard offers powerful protection of any program compiled withthe StackGuard compiler, but does nothing for programs that have not been thus compiled. However, tools such as COPS [7] which search for programs ....

....but does nothing for programs that have not been thus compiled. However, tools such as COPS [7] which search for programs that should not be SUID root, can be configured to look for programs that are SUID root, and have not been compiled using StackGuard or some other security verification tool [9]. If COPS reports that all SUID root programs on a machine have been protected, then one can have some degree of assurance that the machine is not vulnerable to buffer overflow attacks. 5.3 Performance Optimizations Section 4.2.2 mentions that a light weight trap to kernel mode can reduce the ....

Virgil Gligor, Serban Gavrila, and Sabari Gupta. Penetration Analysis Tools. Personal Communications, July 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC