Abstract
The ICAT statistics over the past few years have shown at least one out of every five CVE and CVE candidate vulnerabilities have been due to buffer overflows. This constitutes a significant portion of today’s computer related security concerns. In this paper we introduce a novel method for detecting stack smashing and buffer overflow attacks. Our runtime method extracts return addresses from the program call stack and uses these return addresses to extract their corresponding invoked addresses from memory. We demonstrate how these return and invoked addresses can be represented as a directed weighted graph and used in the detection of stack smashing attacks. We introduce the concept of a Greedy Hamiltonian Call Path and show how the lack of such a path can be used to detect stack-smashing attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Wagner, D., Foster, J., Brewer, E., Aiken, A.: A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. In: Proceedings 7th Network and Distributed System Security Symposium (February 2000)
ICAT Vulnerability Statistics, Downloaded at: http://icat.nist.gov/icat.cfm?function=statistics
SecurityTracker.com Statistics, Found at: http://www.securitytracker.com/learn/securitytracker-stats-2002.pdf
Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Waggle, P., Zhang, Q.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer- Overflow Attacks. In: Proceedings of the 7th USENIX Security Conference, San Antonio, TX (1998)
Baratloo, A., Singh, N.: Transparent Run-Time Defense Against Stack Smashing Attacks. In: Proceedings of the 2000 USENIX Technical Conference, San Diego, CA (January 2002)
Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly Detection Using Call Stack Information.In: IEEE Symposium on Security and Privacy, Berkeley, CA (May 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Foster, M., Wilson, J.N., Chen, S. (2004). Using Greedy Hamiltonian Call Paths to Detect Stack Smashing Attacks. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_16
Download citation
DOI: https://doi.org/10.1007/978-3-540-30144-8_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23208-7
Online ISBN: 978-3-540-30144-8
eBook Packages: Springer Book Archive