ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Detection and prevention of stack buffer overflow attacks
Full text HtmlHtml (32 KB),  PdfPdf (825 KB)
Source
Communications of the ACM archive
Volume 48 ,  Issue 11  (November 2005) table of contents
Pages: 50 - 56  
Year of Publication: 2005
ISSN:0001-0782
Authors
Benjamin A. Kuperman  Swarthmore College, Swarthmore, PA
Carla E. Brodley  Tufts University, Medford, MA
Hilmi Ozdoganoglu  Purdue University, West Lafayette, IN
T. N. Vijaykumar  Purdue University, West Lafayette, IN
Ankit Jalote  Purdue University, West Lafayette, IN
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 57,   Downloads (12 Months): 440,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1096000.1096004
What is a DOI?

ABSTRACT

How to mitigate remote attacks that exploit buffer overflow vulnerabilities on the stack and enable attackers to take control of the program.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Aleph One. Smashing the stack for fun and Profit. Phrack Magazine 7, 49 (Fall 1997); www.phrack.com/.
 
2
Baratloo, A., Singh, N., and Tsai, T. Transparent fun-time defense against stack smashing attacks. In Proceedings of the 2000 USENIX Technical Conference (San Diego, CA, June 2000).
 
3
RAD: A Compile-Time Solution to Buffer Overflow Attacks, Proceedings of the The 21st International Conference on Distributed Computing Systems, p.409, April 16-19, 2001
 
4
Cowan, C., Pu, C., Maier, D., Hinton, H., Bakke, P., Beattie, S., Grier, A., Wagle, P., and Zhang, Q. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the Seventh USENIX Security Conference (San Antonio, TX, Jan. 1998).
 
5
Trevor Jim , J. Greg Morrisett , Dan Grossman , Michael W. Hicks , James Cheney , Yanling Wang, Cyclone: A Safe Dialect of C, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.275-288, June 10-15, 2002
 
6
Vladimir Kiriansky , Derek Bruening , Saman P. Amarasinghe, Secure Execution via Program Shepherding, Proceedings of the 11th USENIX Security Symposium, p.191-206, August 05-09, 2002
 
7
Larochelle, D. and Evans, D. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 2001 USENIX Security Symposium (Aug. 2001).
8
George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France  [doi>10.1145/263699.263712]
 
9
Newsham, T. Format String Attacks. White paper, Guardent, Inc., Sept. 2000; www.lava.net/~newsham/format-string-attacks.pdf.
 
10
Ozdoganoglu, H., Brodley, C., Vijaykumar, T., Jalote, A., and Kuperman, B. SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address. Tech. Rep. TR-ECE 03-13, Purdue University School of Electrical and Computer Engineering, Nov. 2003; www.smashguard.org/.
 
11
Prasad, M. and Chiueh, T. A binary rewriting defense against stack-based buffer overflow attacks. In Proceedings of the 2003 USENIX Annual Technical Conference (San Antonio, TX, June 2003).
 
12
Xu, J., Kalbarczyk, Z., Patel, S., and Iyer, R. Architecture support for defending against buffer overflow attacks. In Proceedings of the 2002 Workshop on Evaluating and Architecting System dependabilitY (EASY-2002) (University of Illinois at Urbana-Champaign, Oct. 2002).

CITED BY  4
Michael E. Locasto , Stelios Sidiroglou , Angelos D. Keromytis, Speculative virtual verification: policy-constrained speculative execution, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
Felix FX Lindner, Software security is software reliability, Communications of the ACM, v.49 n.6, June 2006
William R. Mahoney , William L. Sousan, Using common off-the-shelf tools to implement dynamic aspects, ACM SIGPLAN Notices, v.42 n.2, p.34-41, February 2007
Babak Salamat , Todd Jackson , Andreas Gal , Michael Franz, Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space, Proceedings of the fourth ACM european conference on Computer systems, April 01-03, 2009, Nuremberg, Germany

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS

Collaborative Colleagues:
Benjamin A. Kuperman: colleagues
Carla E. Brodley: colleagues
Hilmi Ozdoganoglu: colleagues
T. N. Vijaykumar: colleagues
Ankit Jalote: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player