Monitoring Buffer Overflow Attacks: A Perennial Task

International journal of secure software engineering Pub Date : 2010-07-01 DOI:10.4018/JSSE.2010070102

H. Shahriar, Mohammad Zulkernine

{"title":"Monitoring Buffer Overflow Attacks: A Perennial Task","authors":"H. Shahriar, Mohammad Zulkernine","doi":"10.4018/JSSE.2010070102","DOIUrl":null,"url":null,"abstract":"Buffer overflow BOF is a well-known, and one of the worst and oldest, vulnerabilities in programs. BOF attacks overwrite data buffers and introduce wide ranges of attacks like execution of arbitrary injected code. Many approaches are applied to mitigate buffer overflow vulnerabilities; however, mitigating BOF vulnerabilities is a perennial task as these vulnerabilities elude the mitigation efforts and appear in the operational programs at run-time. Monitoring is a popular approach for detecting BOF attacks during program execution, and it can prevent or send warnings to take actions for avoiding the consequences of the exploitations. Currently, there is no detailed classification of the proposed monitoring approaches to understand their common characteristics, objectives, and limitations. In this paper, the authors classify runtime BOF attack monitoring and prevention approaches based on seven major characteristics. Finally, these approaches are compared for attack detection coverage based on a set of BOF attack types. The classification will enable researchers and practitioners to select an appropriate BOF monitoring approach or provide guidelines to build a new one.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"44 1","pages":"18-40"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/JSSE.2010070102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Buffer overflow BOF is a well-known, and one of the worst and oldest, vulnerabilities in programs. BOF attacks overwrite data buffers and introduce wide ranges of attacks like execution of arbitrary injected code. Many approaches are applied to mitigate buffer overflow vulnerabilities; however, mitigating BOF vulnerabilities is a perennial task as these vulnerabilities elude the mitigation efforts and appear in the operational programs at run-time. Monitoring is a popular approach for detecting BOF attacks during program execution, and it can prevent or send warnings to take actions for avoiding the consequences of the exploitations. Currently, there is no detailed classification of the proposed monitoring approaches to understand their common characteristics, objectives, and limitations. In this paper, the authors classify runtime BOF attack monitoring and prevention approaches based on seven major characteristics. Finally, these approaches are compared for attack detection coverage based on a set of BOF attack types. The classification will enable researchers and practitioners to select an appropriate BOF monitoring approach or provide guidelines to build a new one.

查看原文本刊更多论文

监控缓冲区溢出攻击:一项长期任务

缓冲区溢出BOF是众所周知的，也是程序中最严重和最古老的漏洞之一。BOF攻击覆盖数据缓冲区，并引入大范围的攻击，如执行任意注入的代码。许多方法被应用于缓解缓冲区溢出漏洞;然而，缓解BOF漏洞是一项长期任务，因为这些漏洞逃避了缓解工作，并在运行时出现在操作程序中。监视是在程序执行期间检测BOF攻击的一种流行方法，它可以防止或发送警告以采取措施避免利用的后果。目前，没有对拟议的监测方法进行详细分类，以了解它们的共同特征、目标和局限性。本文根据运行时BOF攻击的七个主要特点，对运行时BOF攻击的监控和预防方法进行了分类。最后，基于一组BOF攻击类型，比较了这些方法的攻击检测覆盖率。分类将使研究人员和从业人员能够选择适当的转炉监测方法或提供建立新方法的指南。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International journal of secure software engineering

自引率

0.00%

发文量