Skip to main content
SpringerLink
Log in

Using Greedy Hamiltonian Call Paths to Detect Stack Smashing Attacks

  • Conference paper
Information Security (ISC 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3225))

Included in the following conference series:

  • 855 Accesses

Abstract

The ICAT statistics over the past few years have shown at least one out of every five CVE and CVE candidate vulnerabilities have been due to buffer overflows. This constitutes a significant portion of today’s computer related security concerns. In this paper we introduce a novel method for detecting stack smashing and buffer overflow attacks. Our runtime method extracts return addresses from the program call stack and uses these return addresses to extract their corresponding invoked addresses from memory. We demonstrate how these return and invoked addresses can be represented as a directed weighted graph and used in the detection of stack smashing attacks. We introduce the concept of a Greedy Hamiltonian Call Path and show how the lack of such a path can be used to detect stack-smashing attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Wagner, D., Foster, J., Brewer, E., Aiken, A.: A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. In: Proceedings 7th Network and Distributed System Security Symposium (February 2000)

    Google Scholar 

  2. ICAT Vulnerability Statistics, Downloaded at: http://icat.nist.gov/icat.cfm?function=statistics

  3. SecurityTracker.com Statistics, Found at: http://www.securitytracker.com/learn/securitytracker-stats-2002.pdf

  4. Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Waggle, P., Zhang, Q.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer- Overflow Attacks. In: Proceedings of the 7th USENIX Security Conference, San Antonio, TX (1998)

    Google Scholar 

  5. Baratloo, A., Singh, N.: Transparent Run-Time Defense Against Stack Smashing Attacks. In: Proceedings of the 2000 USENIX Technical Conference, San Diego, CA (January 2002)

    Google Scholar 

  6. Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly Detection Using Call Stack Information.In: IEEE Symposium on Security and Privacy, Berkeley, CA (May 2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer and Information Sciences and Engineering, University of Florida, Gainesville, Florida, 32611

    Mark Foster, Joseph N. Wilson & Shigang Chen

Authors
  1. Mark Foster
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joseph N. Wilson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shigang Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of psychology, Chinese Academy of Sciences, 100101, Beijing, P.R. China

    Kan Zhang

  2. Department of Software & Information Systems, The University of North Carolina at Charlotte, 9201 University City Blvd, 28223-0001, Charlotte, NC, USA

    Yuliang Zheng

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Foster, M., Wilson, J.N., Chen, S. (2004). Using Greedy Hamiltonian Call Paths to Detect Stack Smashing Attacks. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30144-8_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23208-7

  • Online ISBN: 978-3-540-30144-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation