diff --git a/work/01paper.pdf b/work/01paper.pdf
index 18e40c7..ff4f7ee 100644
Binary files a/work/01paper.pdf and b/work/01paper.pdf differ
diff --git a/work/01paper.tex b/work/01paper.tex
index f098be5..94a35ca 100644
--- a/work/01paper.tex
+++ b/work/01paper.tex
@@ -86,7 +86,7 @@ are almost always critical and result in code execution vulnerabilities or at least application crashes. In 2018, 14\% (2368 out of 16556)~\cite{Cve2018} of all software vulnerabilities
-that have a CVE assigned, were overflow relates. This shows that, even if this
+that have a CVE assigned, were overflow related. This shows that, even if this
 type of bug is very old and well known, it's still relevant today.
@@ -125,12 +125,12 @@ int main(int argc, char **argv) {
 \subsection{Methods}
-This paper will describe several techniques that have been proposed to fix the
+This paper describes several techniques that have been proposed to fix the
 problems introduced by \acp{bof}. The performance impact, effectiveness (e.g.\ did the technique actually prevent exploitation of \acp{bof}?) and how realistic
-it is for the technique to be used in real-world code (e.g.\ can it be
-introduced into an existing codebase incrementally?). In the end, the current
-state will be discussed.
+it is for developers to use the technique in real-world code (e.g.\ is
+incremental introduction into an existing codebase possible). In the end, there
+is a discussion about the current state.
 \subsection{Runtime Bounds Checks}
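Review bot: The rewritten Methods sentence `The performance impact, effectiveness (...) and how realistic it is for developers to use the technique in real-world code (...)` still has no main verb, so the paragraph lists three criteria without saying what is done with them. Closing the list with a predicate fixes it, e.g. `... in real-world code (e.g.\ is incremental introduction into an existing codebase possible?) are examined for each technique.` The parenthetical on the new line `+incremental introduction into an existing codebase possible).` is phrased as a question, so the question mark that the old text had should be kept. The whole paragraph lies inside this hunk.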
@@ -168,18 +168,19 @@ then able to construct a payload, that keeps the canary intact. with dependent types. These types have an associated value, e.g.\ a pointer type can have the buffer size associated to it. This prevents indexing into a buffer with out-of-bounds values. This extension is a superset of C so any valid C code
-can be compiled using the extension and the codebase can be improved
-incrementally. If the type extension is advanced enough, the additional
-information can even be used as the base of a formal verification.
+can be compiled using the extension and the codebase is improved incrementally.
+If the type extension is advanced enough, the additional information might form
+the base for a formal verification.
 \subsection{Address Space Layout Randomization}
 \Ac{aslr} aims to prevent exploitatoin of \acp{bof} by placing code at random locations in memory. That way, it is not trivial to set the return address to point to the payload in memory. This is effective against generic exploits but
-can still be exploited in combination with information leaks or other techniques
-like heap spraying. Also on 32 bit systems, the address space is small enough to
-try a brute-force attempt until the payload in memory is hit.
+it is still posible to exploit \ac{bof} vulnerabilities in combination with
+information leaks or other techniques like heap spraying. Also on 32 bit
+systems, the address space is small enough to try a brute-force attempt until
+the payload in memory is hit.
 \subsection{w\^{}x Memory}
@@ -281,7 +282,7 @@ unsafe C.
 \printbibliography{}
 % \bibliographystyle{IEEEtran}
 % \bibliography{bibliography}
-\printacronyms{}
+% \printacronyms{}
 \end{document}
 % vim: set filetype=tex ts=2 sw=2 tw=80 et spell :
diff --git a/work/bibliography.bib b/work/bibliography.bib
index 28f8747..27dcd1b 100644
--- a/work/bibliography.bib
+++ b/work/bibliography.bib
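Review bot: The new line `+it is still posible to exploit \ac{bof} vulnerabilities in combination with` introduces the misspelling "posible"; the file's modeline enables `spell`, so this should have been flagged before commit, and the unchanged context line of the same paragraph still carries `exploitatoin`. The new line `+information leaks or other techniques like heap spraying. Also on 32 bit` should hyphenate the compound modifier, `Also on 32-bit`. The ASLR paragraph lies entirely within this hunk.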
@@ -1,45 +1,46 @@
 own:
 @inproceedings{TypeAssisted2002,
- author = {Lhee, Kyung-suk and Chapin, Steve J.},
- booktitle = {11\textsuperscript{th} USENIX Security Symposium},
+ author = {{Lhee, Kyung-suk and Chapin, Steve J.}},
+ booktitle = {{11\textsuperscript{th} USENIX Security Symposium}},
+ % no conference abbreviation
 title = {{Type-Assisted Dynamic Buffer Overflow Detection}},
 year = {2002}
 }
 @inproceedings{Detection2018,
- author = {Chaim, Marcos and Santos, Daniel and Cruzes, Daniela},
- booktitle = {International Journal of Systems and Software Security and Protection},
- title = {What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability},
+ author = {{Chaim, Marcos and Santos, Daniel and Cruzes, Daniela}},
+ booktitle = {{International Journal of Systems and Software Security and Protection (IJSSSP)}},
+ title = {{What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability}},
 year = {2018}
 }
 @inproceedings{AtkDef2016,
- author = {Wang, Wei},
- booktitle = {7\textsuperscript{th} International Conference on Education, Management, Information and Computer Science (ICEMC 2017)},
- title = {Survey of Attacks and Defenses on Stack-based Buffer Overflow Vulnerability},
+ author = {{Wang, Wei}},
+ booktitle = {{7\textsuperscript{th} International Conference on Education, Management, Information and Computer Science (ICEMC 2017)}},
+ title = {{Survey of Attacks and Defenses on Stack-based Buffer Overflow Vulnerability}},
 year = {2017}
 }
 @INPROCEEDINGS{Effectiveness2014,
-author={H. M. {Gisbert} and I. {Ripoll}},
-booktitle={IEEE 13\textsuperscript{th} International Symposium on Network Computing and Applications},
-title={On the Effectiveness of NX, SSP, RenewSSP, and ASLR against Stack Buffer Overflows},
+author={{H. M. {Gisbert} and I. {Ripoll}}},
+booktitle={{IEEE 13\textsuperscript{th} International Symposium on Network Computing and Applications (ISNCA)}},
+title={{On the Effectiveness of NX, SSP, RenewSSP, and ASLR against Stack Buffer Overflows}},
 year={2014},
 }
 @inproceedings{Rad2001,
-author = {Chiueh, Tzi-cker and Hsu, Fu-Hau},
-booktitle = {21\textsuperscript{st} International Conference on Distributed Computing Systems},
+author = {{Chiueh, Tzi-cker and Hsu, Fu-Hau}},
+booktitle = {{21\textsuperscript{st} International Conference on Distributed Computing Systems}},
 title = {{RAD: A Compile-Time Solution to Buffer Overflow Attacks}},
 year = {2001}
 }
 @inproceedings{Stackguard1998,
- author = {Cowan, Crispan and Po, Calton and Maier, Dave and Walpole, Jonathan
+ author = {{Cowan, Crispan and Po, Calton and Maier, Dave and Walpole, Jonathan
 and Bakke, Peat and Beattie, Steve and Grier, Aaron and Wagle, Perru and
- Yhang, Qian},
- booktitle = {7\textsuperscript{th} USENIX Security Symposium},
+ Yhang, Qian}},
+ booktitle = {{7\textsuperscript{th} USENIX Security Symposium}},
 title = {{StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks}},
 year = {1998}
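Review bot: Wrapping a whole person-author list in double braces, as in the new line `+ author = {{Lhee, Kyung-suk and Chapin, Steve J.}},`, makes BibTeX and biblatex treat the string as one literal name: the `and` separators are no longer split, so the entry is rendered, abbreviated and sorted as a single author called "Lhee, Kyung-suk and Chapin, Steve J.". Keep single braces on every person-author field in this hunk (`author = {Lhee, Kyung-suk and Chapin, Steve J.},`) and reserve the double-brace form for corporate authors such as the `{{MITRE}}` in the next hunk and for case-protected titles; the Counter2012 and Dep2007 author lines in the next hunk have the same problem. The added line `+ % no conference abbreviation` is not BibTeX comment syntax — BibTeX has no `%` comments and errors on stray text inside an entry; whether biber accepts it should be verified, and an `@Comment{...}` block outside the entry is the portable form. The Stackguard1998 author list carried onto the new side (`Crispan`, `Po`, `Perru`, `Yhang`) looks misspelled against the published author names (Crispin Cowan, Calton Pu, Perry Wagle, Qian Zhang) and is worth checking against the proceedings.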
@@ -47,36 +48,36 @@ year = {2001}
 @ARTICLE{Smashing2004,
 author={J. {Pincus} and B. {Baker}},
- journal={IEEE Security Privacy},
- title={Beyond stack smashing: recent advances in exploiting buffer overruns},
+ journal={{IEEE Security \& Privacy}},
+ title={{Beyond stack smashing: recent advances in exploiting buffer overruns}},
 year={2004},
 volume={2},
 number={4},
 }
 @article{Counter2012,
- author = {Younan, Yves and Joosen, Wouter and Piessens, Frank},
+ author = {{Younan, Yves and Joosen, Wouter and Piessens, Frank}},
 title = {{Runtime countermeasures for code injection attacks against C and C++ programs}},
 year={2012},
- journal = {ACM Computing Surveys (CSUR)},
+ journal = {{ACM Computing Surveys (CSUR)}},
 volume = {44},
 number = {3},
 }
 @InProceedings{Dep2007,
-author={Condit, Jeremy
+author={{Condit, Jeremy
 and Harren, Matthew and Anderson, Zachary and Gay, David
-and Necula, George C.},
+and Necula, George C.}},
-title={Dependent Types for Low-Level Programming},
-booktitle={Programming Languages and Systems},
+title={{Dependent Types for Low-Level Programming}},
+booktitle={{Programming Languages and Systems}},
 year={2007}
 }
 @ONLINE{Cve2018,
- author={MITRE},
+ author={{MITRE}},
 title={{Security Vulnerabilities Published In 2018(Overflow)}},
 urlDate = {2019-11-10},
 year = {2018},