Using Greedy Hamiltonian Call Paths to Detect Stack Smashing Attacks
نویسندگان
چکیده
The ICAT statistics over the past few years have shown at least one out of every five CVE and CVE candidate vulnerabilities have been due to buffer overflows. This constitutes a significant portion of today’s computer related security concerns. In this paper we introduce a novel method for detecting stack smashing and buffer overflow attacks. Our runtime method extracts return addresses from the program call stack and uses these return addresses to extract their corresponding invoked addresses from memory. We demonstrate how these return and invoked addresses can be represented as a directed weighted graph and used in the detection of stack smashing attacks. We introduce the concept of a Greedy Hamiltonian Call Path and show how the lack of such a path can be used to detect stack-smashing attacks.
منابع مشابه
Transparent Run-Time Defense Against Stack-Smashing Attacks
Stack Smashing Attacks Arash Baratloo and Navjot Singh farash,[email protected] Bell Labs Research, Lucent Technologies 600 Mountain Ave Murray Hill, NJ 07974 USA Timothy Tsai [email protected] Reliable Software Technologies 21351 Ridgetop Circle, Suite 400 Dulles, VA 20166 USA Abstract The exploitation of bu er over ow vulnerabilities in process stacks constitutes a signi cant port...
متن کاملArchitecture Support for Defending Against Buffer Overflow Attacks
Buffer overflow attacks are the predominant threat to the secure operation of network and in particular, Internetbased applications. Stack smashing is a common mode of buffer overflow attack for hijacking system control. This paper evaluates two architecture-based techniques to defend systems against such attacks: (1) the split control and data stack, and (2) secure return address stack (SRAS)....
متن کاملDetecting Stack Layout Corruptions with Robust Stack Unwinding
The stack is a critical memory structure to ensure the correct execution of programs because control flow changes through the data stored in it, such as return addresses and function pointers. Thus the stack has been a popular target by many attacks and exploits like stack smashing attacks and return-oriented programming (ROP). We present a novel system to detect the corruption of the stack lay...
متن کاملTransparent Run - Time Defense
Stack Smashing Attacks Arash Baratloo and Navjot Singh farash,[email protected] Bell Labs Research, Lucent Technologies 600 Mountain Ave Murray Hill, NJ 07974 USA Timothy Tsai [email protected] Reliable Software Technologies 21351 Ridgetop Circle, Suite 400 Dulles, VA 20166 USA Abstract The exploitation of bu er over ow vulnerabilities in process stacks constitutes a signi cant port...
متن کاملDefending Embedded Systems Against Buffer Overflow via Hardware/Software
Buffer overflow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. In this paper, we propose the Hardware/Software Address Protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004