Abstract
Stack buffer overflow hacking became generally known due to the Morris’ Internet Worm in 1988. Since then buffer overflow hacking has been used to attack systems and servers by hackers very frequently. Recently, many researches tried to prevent it, and several solutions were developed such as Libsafe and StackGuard; however, these solutions have a few problems. In this paper we present a new stack buffer overflow attack prevention technique that uses the system call monitoring mechanism and memory address where the system call is made. Because of its detection mechanism this system can be used for unknown attack detection, too.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Larry Boettger, “The Morris Worm: How it Affected Compter Security and Lessons Learnd by it”, SANS Institute White Paper, Dec. 2000.
Aleph One, “Smashing The Stack For Fun And Profit”, Phrack 49th Ed. File 14th of 16, Phrack.org, Nov. 1996
CERTCC-KR, “Hacking Statistics”, Korea Information Security Agency. 2001.
“IA-32 Intel Architecture Software Developer’s Manual. Volume 1-3”, Intel Corporation, 2000
Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen, “Protecting Systems from Stack Smashing Attacks with StackGuard”, Linux Expo, Raleigh, NC, May 1999.
Qian Zhang, “The Synthetix MemGuard Kernel Programmer’s Interface”, June 1997
Crispin Cowan, Tito Autrey, Charles Krasic, Cal-ton Pu, and Jonathan Walpole. Fast Concurrent Dynamic Linking for an Adaptive Operating System. In International Conference on Configurable Distributed Systems (ICCDS’96), Annapolis, MD, May 1996.
Crispin Cowan, Andrew Black, Charles Krasic, Calton Pu, Jonathan Walpole, Charles Consel, and Eugen-Nicolae Volanschi. Specialization Classes: An Object Framework for Specialization. In Proceedings of the Fifth International Workshop on Object-Orientation in Operating Systems (IWOOOS’ 96), Seattle, WA, October 27–28 1996.
Eugen N. Volanschi, Charles Consel, Gilles Muller, and Crispin Cowan. Declarative Specialization of Object-Oriented Programs. In Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA’97), Atlanta, GA, October 1997.
Calton Pu, Tito Autrey, Andrew Black, Charles Consel, Crispin Cowan, Jon Inouye, Lakshmi Kethana, Jonathan Walpole, and Ke Zhang. Optimistic Incremental Specialization: Streamlining a Commercial Operating System. In Symposium on Operating Systems Principles (SOSP), Copper Mountain, Colorado, December 1995.
Crispin Cowan, Dylan McNamee, Andrew Black, Calton Pu, Jonathan Walpole, Charles Krasic, Renaud Marlet, and Qian Zhang. A Toolkit for Specializing Production Operating SystemCode. Technical Report CSE-97-004, Dept. of Computer Science and Engineering, Oregon Graduate Institute,March 1997.
Arash Baratloo, Timothy Tsai, and Navjot Singh, “Transparent Run-Time Defense Against Stack Smashing Attacks”, Proceedings of the USENIX Annual Technical Conference, June 2000.
“Solar Designer”. Non-Executable User Stack. http://www.false.com/security/linux-stack/.
Casper Dik. Non-Executable Stack for Solaris. Posting to comp.security.unix, January 2 1997.
Richard Jones and Paul Kelly. Bounds Checking for C. http://www-ala.doc.ic.ac.uk/ phjk/BoundsChecking.html, July 1995.
Reed Hastings and Bob Joyce. Purify: Fast Detection of Memory Leaks and Access Errors. In Proceedings of the Winter USENIX Conference, 1992. Also available at http://www.rational.com/support/techpapers/fast_detection/.
Drew Dean, Edward W. Felten, and Dan S. Wallach. Java Security: From HotJava to Netscape and Beyond. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1996. http://www.cs.princeton.edu/sip/pub/secure96.html.
Jim Roskind. Panel: Security of Downloadable Executable Content. NDSS (Network and Distributed System Security), February 1997.
R. Sekar, T. Bowen, M. Segal “On Preventing Intrusions by Process Behavior Monitoring”, USENIX, Proceedings of the Workshop on Intrusion Detection and Network Monitoring, April 9–12, 1999
A. Kosoresow, “Intrusion detection via system call traces”, IEEE Software’ 97.
Rebecca Gurley Bace, “Intrusion Detection”, Macmillan Technical Publishing, 2000
Maccabe, “Computer Systems: Architecture, Organization and Programming”, pp159–171, 1993
Bulba, Kil3r, “Bypassing Stackguard and Stackshield”, Phrack 56th Ed. File 5th of 16, Phrack.org, May. 2000
Linus Torvalds et al. Linux Operating System. http://www.linux.org/.
Nathan P. Smith. Stack Smashing vulnerabilities in the UNIX Operating System. http://millcomm.com/nate/machines/security/stack-smashing/nate-buffer.ps, 1997.
Alexander Snarskii. FreeBSD Stack Integrity Patch. ftp://ftp.lucky.net/pub/unix/local/libc-letter, 1997.
E. Spafford. The Internet Worm Program: Analysis. Computer Communication Review, January 1989.
Richard M. Stallman. Using and Porting GNU C. Free Software Foundation, Inc., Cambridge, MA.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang-Seo, C., Dong-il, S., Sung-Won, S. (2002). A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation. In: Kim, K. (eds) Information Security and Cryptology — ICISC 2001. ICISC 2001. Lecture Notes in Computer Science, vol 2288. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45861-1_12
Download citation
DOI: https://doi.org/10.1007/3-540-45861-1_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43319-4
Online ISBN: 978-3-540-45861-6
eBook Packages: Springer Book Archive