vbrandl/WIS-SEC-BOF
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use biblatex

Browse Source
This commit is contained in:
Valentin Brandl 2019-10-29 11:09:23 +01:00
parent 133d7badd9
commit 475e37b633
No known key found for this signature in database
GPG Key ID: 30D341DD34118D7D
2 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
work/01paper.pdf
View File

Binary file not shown.

37
work/01paper.tex
View File

@ -1,7 +1,11 @@
\documentclass[conference]{IEEEtran}
\IEEEoverridecommandlockouts{}
% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.
\usepackage{cite}
\usepackage{csquotes}
\usepackage[style=ieee,backend=biber]{biblatex}
\addbibresource{./bibliography.bib}
\usepackage{amsmath,amssymb,amsfonts}
\usepackage{algorithmic}
\usepackage{booktabs}
@ -99,17 +103,18 @@ is to check, if a write or read operation is out of bounds. This requires
storing the size of a buffer together with the pointer to the buffer and check
for each read or write in the buffer, if it is in bounds at runtime.
\subsubsection{Prevent Overriding Return Address}
\subsubsection{Prevent/Detect Overriding Return Address}
Since most traditional buffer overflow exploits work by overriding the return
address in the current stack frame, preventing or at least detecting this, can
be quite effective without much overhead at runtime. Chiueh et al describe a
technique that stores a redudnant copy of the return address in a secure memory
area that is guarded by read-only memory, so it cannot be overwritten by
overflows. When returning, the copy of the return address is compared to the one
in the current stack frame and only, if it matches, the ret instruction is
actually executed\cite{Rad2001}. While this is effective against return oriented
programming based exploits, it does not protect against vtable overrides.
be quite effective without much overhead at runtime. \citeauthor{Rad2001}
describe a technique that stores a redudnant copy of the return address in a
secure memory area that is guarded by read-only memory, so it cannot be
overwritten by overflows. When returning, the copy of the return address is
compared to the one in the current stack frame and only, if it matches, the ret
instruction is actually executed\cite{Rad2001}. While this is effective against
return oriented programming based exploits, it does not protect against vtable
overrides.
An older technique from 1998 proposes to put a canary word between the data of a
stack frame and the return address\cite{Stackguard1998}. When returning, the
@ -123,10 +128,10 @@ canary intact.
\subsubsection{Static Analysis}
\subsubsection{Type System Solutions}
Condit et al propose an extension to the C type system that extends it with
dependent types. These types have an associated value, e.g. a pointer type can
have the buffer size associated to it. This prevents indexing into a buffer with
out of bounds values.
\citeauthor{Dep2007} propose an extension to the C type system that extends it
with dependent types. These types have an associated value, e.g. a pointer type
can have the buffer size associated to it. This prevents indexing into a buffer
with out of bounds values.
\subsubsection{ASLR}
@ -197,9 +202,9 @@ unsafe C.
\end{itemize}
\bibliographystyle{IEEEtran}
\bibliography{bibliography}
\printbibliography
% \bibliographystyle{IEEEtran}
% \bibliography{bibliography}
\end{document}
% vim: set filetype=tex ts=2 sw=2 tw=80 et spell :