Corrections
This commit is contained in:
parent
47dd1b7a2c
commit
cece183108
BIN
work/01paper.pdf
BIN
work/01paper.pdf
Binary file not shown.
@ -86,7 +86,7 @@ are almost always critical and result in code execution vulnerabilities or at
|
|||||||
least application crashes.
|
least application crashes.
|
||||||
|
|
||||||
In 2018, 14\% (2368 out of 16556)~\cite{Cve2018} of all software vulnerabilities
|
In 2018, 14\% (2368 out of 16556)~\cite{Cve2018} of all software vulnerabilities
|
||||||
that have a CVE assigned, were overflow relates. This shows that, even if this
|
that have a CVE assigned, were overflow related. This shows that, even if this
|
||||||
type of bug is very old and well known, it's still relevant today.
|
type of bug is very old and well known, it's still relevant today.
|
||||||
|
|
||||||
|
|
||||||
@ -125,12 +125,12 @@ int main(int argc, char **argv) {
|
|||||||
|
|
||||||
\subsection{Methods}
|
\subsection{Methods}
|
||||||
|
|
||||||
This paper will describe several techniques that have been proposed to fix the
|
This paper describes several techniques that have been proposed to fix the
|
||||||
problems introduced by \acp{bof}. The performance impact, effectiveness (e.g.\
|
problems introduced by \acp{bof}. The performance impact, effectiveness (e.g.\
|
||||||
did the technique actually prevent exploitation of \acp{bof}?) and how realistic
|
did the technique actually prevent exploitation of \acp{bof}?) and how realistic
|
||||||
it is for the technique to be used in real-world code (e.g.\ can it be
|
it is for developers to use the technique in real-world code (e.g.\ is
|
||||||
introduced into an existing codebase incrementally?). In the end, the current
|
incremental introduction into an existing codebase possible). In the end, there
|
||||||
state will be discussed.
|
is a discussion about the current state.
|
||||||
|
|
||||||
\subsection{Runtime Bounds Checks}
|
\subsection{Runtime Bounds Checks}
|
||||||
|
|
||||||
@ -168,18 +168,19 @@ then able to construct a payload, that keeps the canary intact.
|
|||||||
with dependent types. These types have an associated value, e.g.\ a pointer type
|
with dependent types. These types have an associated value, e.g.\ a pointer type
|
||||||
can have the buffer size associated to it. This prevents indexing into a buffer
|
can have the buffer size associated to it. This prevents indexing into a buffer
|
||||||
with out-of-bounds values. This extension is a superset of C so any valid C code
|
with out-of-bounds values. This extension is a superset of C so any valid C code
|
||||||
can be compiled using the extension and the codebase can be improved
|
can be compiled using the extension and the codebase is improved incrementally.
|
||||||
incrementally. If the type extension is advanced enough, the additional
|
If the type extension is advanced enough, the additional information might form
|
||||||
information can even be used as the base of a formal verification.
|
the base for a formal verification.
|
||||||
|
|
||||||
\subsection{Address Space Layout Randomization}
|
\subsection{Address Space Layout Randomization}
|
||||||
|
|
||||||
\Ac{aslr} aims to prevent exploitatoin of \acp{bof} by placing code at random
|
\Ac{aslr} aims to prevent exploitatoin of \acp{bof} by placing code at random
|
||||||
locations in memory. That way, it is not trivial to set the return address to
|
locations in memory. That way, it is not trivial to set the return address to
|
||||||
point to the payload in memory. This is effective against generic exploits but
|
point to the payload in memory. This is effective against generic exploits but
|
||||||
can still be exploited in combination with information leaks or other techniques
|
it is still posible to exploit \ac{bof} vulnerabilities in combination with
|
||||||
like heap spraying. Also on 32 bit systems, the address space is small enough to
|
information leaks or other techniques like heap spraying. Also on 32 bit
|
||||||
try a brute-force attempt until the payload in memory is hit.
|
systems, the address space is small enough to try a brute-force attempt until
|
||||||
|
the payload in memory is hit.
|
||||||
|
|
||||||
\subsection{w\^{}x Memory}
|
\subsection{w\^{}x Memory}
|
||||||
|
|
||||||
@ -281,7 +282,7 @@ unsafe C.
|
|||||||
\printbibliography{}
|
\printbibliography{}
|
||||||
% \bibliographystyle{IEEEtran}
|
% \bibliographystyle{IEEEtran}
|
||||||
% \bibliography{bibliography}
|
% \bibliography{bibliography}
|
||||||
\printacronyms{}
|
% \printacronyms{}
|
||||||
|
|
||||||
\end{document}
|
\end{document}
|
||||||
% vim: set filetype=tex ts=2 sw=2 tw=80 et spell :
|
% vim: set filetype=tex ts=2 sw=2 tw=80 et spell :
|
||||||
|
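Review bot: The new wording in hunk `@ -168,18 +168,19 @@` introduces a spelling error in `it is still posible to exploit \ac{bof} vulnerabilities in combination with`; it should read `possible`, and the same paragraph keeps `exploitatoin` on both sides of the hunk, so a commit titled "Corrections" leaves a typo in the ASLR section. The rewrite `can be compiled using the extension and the codebase is improved incrementally.` also turns a possibility into an assertion about every codebase; the earlier `can be improved incrementally` was the accurate claim for a superset-of-C type extension and should be kept, e.g. `can be compiled using the extension and the codebase can be improved incrementally.`. The surrounding sections and the rest of the paper are outside this hunk, so the other hunks were not checked for the same spelling.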
@ -1,45 +1,46 @@
|
|||||||
own:
|
own:
|
||||||
|
|
||||||
@inproceedings{TypeAssisted2002,
|
@inproceedings{TypeAssisted2002,
|
||||||
author = {Lhee, Kyung-suk and Chapin, Steve J.},
|
author = {{Lhee, Kyung-suk and Chapin, Steve J.}},
|
||||||
booktitle = {11\textsuperscript{th} USENIX Security Symposium},
|
booktitle = {{11\textsuperscript{th} USENIX Security Symposium}},
|
||||||
|
% no conference abbreviation
|
||||||
title = {{Type-Assisted Dynamic Buffer Overflow Detection}},
|
title = {{Type-Assisted Dynamic Buffer Overflow Detection}},
|
||||||
year = {2002}
|
year = {2002}
|
||||||
}
|
}
|
||||||
|
|
||||||
@inproceedings{Detection2018,
|
@inproceedings{Detection2018,
|
||||||
author = {Chaim, Marcos and Santos, Daniel and Cruzes, Daniela},
|
author = {{Chaim, Marcos and Santos, Daniel and Cruzes, Daniela}},
|
||||||
booktitle = {International Journal of Systems and Software Security and Protection},
|
booktitle = {{International Journal of Systems and Software Security and Protection (IJSSSP)}},
|
||||||
title = {What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability},
|
title = {{What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability}},
|
||||||
year = {2018}
|
year = {2018}
|
||||||
}
|
}
|
||||||
|
|
||||||
@inproceedings{AtkDef2016,
|
@inproceedings{AtkDef2016,
|
||||||
author = {Wang, Wei},
|
author = {{Wang, Wei}},
|
||||||
booktitle = {7\textsuperscript{th} International Conference on Education, Management, Information and Computer Science (ICEMC 2017)},
|
booktitle = {{7\textsuperscript{th} International Conference on Education, Management, Information and Computer Science (ICEMC 2017)}},
|
||||||
title = {Survey of Attacks and Defenses on Stack-based Buffer Overflow Vulnerability},
|
title = {{Survey of Attacks and Defenses on Stack-based Buffer Overflow Vulnerability}},
|
||||||
year = {2017}
|
year = {2017}
|
||||||
}
|
}
|
||||||
|
|
||||||
@INPROCEEDINGS{Effectiveness2014,
|
@INPROCEEDINGS{Effectiveness2014,
|
||||||
author={H. M. {Gisbert} and I. {Ripoll}},
|
author={{H. M. {Gisbert} and I. {Ripoll}}},
|
||||||
booktitle={IEEE 13\textsuperscript{th} International Symposium on Network Computing and Applications},
|
booktitle={{IEEE 13\textsuperscript{th} International Symposium on Network Computing and Applications (ISNCA)}},
|
||||||
title={On the Effectiveness of NX, SSP, RenewSSP, and ASLR against Stack Buffer Overflows},
|
title={{On the Effectiveness of NX, SSP, RenewSSP, and ASLR against Stack Buffer Overflows}},
|
||||||
year={2014},
|
year={2014},
|
||||||
}
|
}
|
||||||
|
|
||||||
@inproceedings{Rad2001,
|
@inproceedings{Rad2001,
|
||||||
author = {Chiueh, Tzi-cker and Hsu, Fu-Hau},
|
author = {{Chiueh, Tzi-cker and Hsu, Fu-Hau}},
|
||||||
booktitle = {21\textsuperscript{st} International Conference on Distributed Computing Systems},
|
booktitle = {{21\textsuperscript{st} International Conference on Distributed Computing Systems}},
|
||||||
title = {{RAD: A Compile-Time Solution to Buffer Overflow Attacks}},
|
title = {{RAD: A Compile-Time Solution to Buffer Overflow Attacks}},
|
||||||
year = {2001}
|
year = {2001}
|
||||||
}
|
}
|
||||||
|
|
||||||
@inproceedings{Stackguard1998,
|
@inproceedings{Stackguard1998,
|
||||||
author = {Cowan, Crispan and Po, Calton and Maier, Dave and Walpole, Jonathan
|
author = {{Cowan, Crispan and Po, Calton and Maier, Dave and Walpole, Jonathan
|
||||||
and Bakke, Peat and Beattie, Steve and Grier, Aaron and Wagle, Perru and
|
and Bakke, Peat and Beattie, Steve and Grier, Aaron and Wagle, Perru and
|
||||||
Yhang, Qian},
|
Yhang, Qian}},
|
||||||
booktitle = {7\textsuperscript{th} USENIX Security Symposium},
|
booktitle = {{7\textsuperscript{th} USENIX Security Symposium}},
|
||||||
title = {{StackGuard: Automatic Adaptive Detection and Prevention of
|
title = {{StackGuard: Automatic Adaptive Detection and Prevention of
|
||||||
Buffer-Overflow Attacks}},
|
Buffer-Overflow Attacks}},
|
||||||
year = {1998}
|
year = {1998}
|
||||||
@ -47,36 +48,36 @@ year = {2001}
|
|||||||
|
|
||||||
@ARTICLE{Smashing2004,
|
@ARTICLE{Smashing2004,
|
||||||
author={J. {Pincus} and B. {Baker}},
|
author={J. {Pincus} and B. {Baker}},
|
||||||
journal={IEEE Security Privacy},
|
journal={{IEEE Security \& Privacy}},
|
||||||
title={Beyond stack smashing: recent advances in exploiting buffer overruns},
|
title={{Beyond stack smashing: recent advances in exploiting buffer overruns}},
|
||||||
year={2004},
|
year={2004},
|
||||||
volume={2},
|
volume={2},
|
||||||
number={4},
|
number={4},
|
||||||
}
|
}
|
||||||
|
|
||||||
@article{Counter2012,
|
@article{Counter2012,
|
||||||
author = {Younan, Yves and Joosen, Wouter and Piessens, Frank},
|
author = {{Younan, Yves and Joosen, Wouter and Piessens, Frank}},
|
||||||
title = {{Runtime countermeasures for code injection attacks against C and C++ programs}},
|
title = {{Runtime countermeasures for code injection attacks against C and C++ programs}},
|
||||||
year={2012},
|
year={2012},
|
||||||
journal = {ACM Computing Surveys (CSUR)},
|
journal = {{ACM Computing Surveys (CSUR)}},
|
||||||
volume = {44},
|
volume = {44},
|
||||||
number = {3},
|
number = {3},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@InProceedings{Dep2007,
|
@InProceedings{Dep2007,
|
||||||
author={Condit, Jeremy
|
author={{Condit, Jeremy
|
||||||
and Harren, Matthew
|
and Harren, Matthew
|
||||||
and Anderson, Zachary
|
and Anderson, Zachary
|
||||||
and Gay, David
|
and Gay, David
|
||||||
and Necula, George C.},
|
and Necula, George C.}},
|
||||||
title={Dependent Types for Low-Level Programming},
|
title={{Dependent Types for Low-Level Programming}},
|
||||||
booktitle={Programming Languages and Systems},
|
booktitle={{Programming Languages and Systems}},
|
||||||
year={2007}
|
year={2007}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ONLINE{Cve2018,
|
@ONLINE{Cve2018,
|
||||||
author={MITRE},
|
author={{MITRE}},
|
||||||
title={{Security Vulnerabilities Published In 2018(Overflow)}},
|
title={{Security Vulnerabilities Published In 2018(Overflow)}},
|
||||||
urlDate = {2019-11-10},
|
urlDate = {2019-11-10},
|
||||||
year = {2018},
|
year = {2018},
|
||||||
|
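Review bot: Wrapping whole `author` fields in double braces, as the first hunk does for `author = {{Lhee, Kyung-suk and Chapin, Steve J.}}`, `author={{H. M. {Gisbert} and I. {Ripoll}}}` and the other person-author entries, makes BibTeX and biblatex treat the entire field as one literal name, so `and` no longer separates authors and initials, sorting and "et al." truncation no longer work. Outer braces are the right tool for protecting capitalization in `title` and for corporate authors such as `author={{MITRE}}`, but person-author fields should stay single-braced, as the untouched `author={J. {Pincus} and B. {Baker}}` in the second hunk still is; for example `author = {Lhee, Kyung-suk and Chapin, Steve J.},`. The `Stackguard1998` author list (`Cowan, Crispan`, `Po, Calton`, `Wagle, Perru`, `Yhang, Qian`) also looks misspelled and is worth checking against the USENIX proceedings while the field is being edited. The `Cve2018` entry is cut off at the end of the hunk, so its remaining fields were not reviewed.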