Related Concepts
Definition
Buffer overflow attacks cause a program to overwrite a memory region (typically representing an array or other composite variable) of finite size such that additional data is written on adjacent memory locations. The overwrite typically occurs past the end of the region (toward higher memory addresses), in which case it is called an overflow. If the overwrite occurs toward lower memory addresses (i.e., before the start of the memory region), it is called an underflow. In rare cases, the overwrite can happen in nonadjacent locations. The data written on memory locations is typically under the control of an attacker who wishes to take control of the program, or at least influence its execution. Typically (but not necessarily), such overflow data include code that is executed as part of an attack. Buffer overflows can also occur over the...
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsRecommended Reading
Levy E (1996) Smashing the stack for fun and profit. Phrack Mag (49):14. http://www.phrack.org/issues.html?issue=49&id=14&mode=txt
Shacham H (2007) The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: ACM CCS, Alexandria, pp 552–561
Chen S, Xu J, Sezer E, Gauriar P, Iyer R (2005) Non-control-data attacks are realistic threats. In: USENIX security symposium, Baltimore, pp 177–192
Cadar C, Ganesh V, Pawlowski P, Dill D, Engler D (2006) EXE: automatically generating inputs of death. In: ACM CCS, Alexandria, pp 322–335
Bhatkar S, DuVarney D, Sekar R (2003) Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: USENIX security symposium, Washington, DC, pp 105–120
Shacham H, Page M, Pfaff B, Goh EJ, Modadugu N, Boneh D (2004) On the effectiveness of address-space randomization. In: ACM CCS, Washington, DC, pp 298–307
Cowan C, Pu C, Maier D, Hinton H, Bakke P, Beattie S, Grier A, Wagle P, Zhang Q (1998) Stackguard: automatic detection and prevention of buffer-overflow attacks. In: USENIX security symposium, San Antonio, pp 63–78
Kc G, Keromytis A, Prevelakis V (2003) Countering code-injection attacks with instruction-set randomization. In: ACM CCS, Washington, DC, pp 272–280
Barrantes E, Ackley D, Forrest S, Palmer T, Stefanovic D, Zovi D (2003) Randomized instruction set emulation to disrupt binary code injection attacks. In: ACM CCS, Washington, DC, pp 281–289
Abadi M, Budiu M, Erlingsson U, Ligatti J (2005) Control-flow integrity. In: ACM CCS, New York, pp 340–353
Suh G, Lee J, Zhang D, Devadas S (2004) Secure program execution via dynamic information flow tracking. In: ASPLOS, New York, pp 85–96
Crandall J, Chong F (2004) Minos: control data attack prevention orthogonal to memory model. In: MICRO, Portland, pp 221–232
Kiriansky V, Bruening D, Amarasinghe S (2002) Secure execution via program shepherding. In: USENIX security symposium, San Francisco, pp 191–206
Akritidis P, Markatos E, Polychronakis M, Anagnostakis K (2005) STRIDE: polymorphic sled detection through instruction sequence analysis. In: IFIP security, Milano, pp 376–391
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Keromytis, A.D. (2011). Buffer Overflow Attacks. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_502
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_502
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering