Arbitrary Copy: Bypassing Buffer-Overflow Protections

Recent advances in buffer-overflow protection are able to eliminate several common types of buffer-overflow attacks (e.g. stack smashing, jump table). In this paper, we introduce arbitrary copy, a type of buffer-overflow attack that is capable of bypassing most buffer-overflow solutions. By overflow...

Full description

Saved in:
Bibliographic Details
Published in:2006 IEEE International Conference on Electro/Information Technology pp. 580 - 584
Main Authors: Piromsopa, K., Enbody, R.J.
Format: Conference Proceeding
Language:English
Published: IEEE 01.05.2006
Subjects:
Buffer overflow
Buffer-Overflow Attacks
Computer bugs
Computer science
Computer security
Computer worms
Computerized monitoring
Intrusion detection
Intrusion Prevention
Operating systems
Programming profession
Protection
ISBN:0780395921, 9780780395923
ISSN:2154-0357
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Recent advances in buffer-overflow protection are able to eliminate several common types of buffer-overflow attacks (e.g. stack smashing, jump table). In this paper, we introduce arbitrary copy, a type of buffer-overflow attack that is capable of bypassing most buffer-overflow solutions. By overflowing both source and destination pointers of any string copy (or similar) function, arbitrary copy is able to utilize a useful local address for attacking a system. This method can bypass even the most promising buffer-overflow protection that enforces the integrity of address such as secure bit (Piromsopa and Enbody, 2006) and MINOS (Crandal and Chong, 2004). Later, we analyze conditions necessary for the success of this attack. Though satisfying all necessary conditions for this attack should be difficult, our conclusion is that it is a potential threat and requires consideration
ISBN:0780395921
9780780395923
ISSN:2154-0357
DOI:10.1109/EIT.2006.252213