Buffer overflow attacks & countermeasures
Security websites’ headlines often read: “Buffer overflow in vendor’s product allows intruders to take over computer!” What can software engineering education do about this situation? In this document we have tried to point out how dangerous buffer overflow attacks can be and the amount of damage they are capable of inflicting. We have shown several vulnerable applications, both past and recent. The objective of this study is to take one inside the buffer overflow attack and bridge the gap between the “descriptive account” and the “technically intensive account”. The intent is to provide a logical, detailed, and technical explanation of the buffer overflow problem and the exploit that can be well understood by all. We have successfully coded several exploits and developed programs to demonstrate the effectiveness of such attacks.