Abstract
The event-driven model is commonly used in the implementation of systems such as the Graphical User Interface (GUI). While it offers important advantages over alternative choices, it often exhibits security vulnerabilities that stem from the architectural characteristics of its event handling. In this paper we examine the security vulnerabilities of event-driven systems and define the conditions that produce them. We show that a substantial number of these vulnerabilities follow the same principles as buffer overrun vulnerabilities, and finally we provide countermeasures.
The author’s studies are funded by the State’s Scholarship Foundation (SSF) of Greece.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35586-3_46
Copyright information
© 2002 IFIP International Federation for Information Processing
Cite this chapter
Xenitellis, S. (2002). Security Vulnerabilities in Event-Driven Systems. In: Ghonaimy, M.A., El-Hadidi, M.T., Aslan, H.K. (eds) Security in the Information Society. IFIP Advances in Information and Communication Technology, vol 86. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35586-3_11
DOI: https://doi.org/10.1007/978-0-387-35586-3_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1026-7
Online ISBN: 978-0-387-35586-3
eBook Packages: Springer Book Archive