Binary rewriting and call interception for efficient runtime protection against buffer overflows

Kumar Avijit; Prateek Gupta; Deepak Gupta

doi:10.1002/spe.720

Binary rewriting and call interception for efficient runtime protection against buffer overflows

Software Practice and Experience ◽

10.1002/spe.720 ◽

2006 ◽

Vol 36 (9) ◽

pp. 971-998 ◽

Cited By ~ 2

Author(s):

Kumar Avijit ◽

Prateek Gupta ◽

Deepak Gupta

Keyword(s):

Binary Rewriting ◽

Buffer Overflows

Download Full-text

Verification of C Buffer Overflows in C Programs

2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet) ◽

10.1109/roedunet.2018.8514126 ◽

2018 ◽

Cited By ~ 1

Author(s):

Andreea Bican ◽

Razvan Deaconescu ◽

Wei Ngan Chin ◽

Quang-Trung Ta

Keyword(s):

C Programs ◽

Buffer Overflows

Download Full-text

Transient and Stationary Losses in a Finite-Buffer Queue with Batch Arrivals

Mathematical Problems in Engineering ◽

10.1155/2012/326830 ◽

2012 ◽

Vol 2012 ◽

pp. 1-17 ◽

Cited By ~ 6

Author(s):

Andrzej Chydzinski ◽

Blazej Adamczyk

Keyword(s):

Batch Size ◽

Buffer Size ◽

Arrival Process ◽

Time Interval ◽

Finite Buffer ◽

Finite Time Interval ◽

Batch Arrivals ◽

Batch Markovian Arrival Process ◽

Buffer Overflows ◽

Finite Buffer Queue

We present an analysis of the number of losses, caused by the buffer overflows, in a finite-buffer queue with batch arrivals and autocorrelated interarrival times. Using the batch Markovian arrival process, the formulas for the average number of losses in a finite time interval and the stationary loss ratio are shown. In addition, several numerical examples are presented, including illustrations of the dependence of the number of losses on the average batch size, buffer size, system load, autocorrelation structure, and time.

Download Full-text

Binary rewriting without control flow recovery

Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation ◽

10.1145/3385412.3385972 ◽

2020 ◽

Cited By ~ 1

Author(s):

Gregory J. Duck ◽

Xiang Gao ◽

Abhik Roychoudhury

Keyword(s):

Control Flow ◽

Binary Rewriting

Download Full-text

Modular checking for buffer overflows in the large

Proceeding of the 28th international conference on Software engineering - ICSE '06 ◽

10.1145/1134285.1134319 ◽

2006 ◽

Cited By ~ 36

Author(s):

Brian Hackett ◽

Manuvir Das ◽

Daniel Wang ◽

Zhe Yang

Keyword(s):

Buffer Overflows

Download Full-text

Testing for buffer overflows with length abstraction

Proceedings of the 2008 international symposium on Software testing and analysis - ISSTA '08 ◽

10.1145/1390630.1390636 ◽

2008 ◽

Cited By ~ 39

Author(s):

Ru-Gang Xu ◽

Patrice Godefroid ◽

Rupak Majumdar

Keyword(s):

Buffer Overflows

Download Full-text

Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems

Procedia Computer Science ◽

10.1016/j.procs.2016.04.270 ◽

2016 ◽

Vol 83 ◽

pp. 1301-1306 ◽

Cited By ~ 6

Author(s):

Erick Leon ◽

Stefan D. Bruda

Keyword(s):

Operating Systems ◽

Counter Measures ◽

Buffer Overflows

Download Full-text

Lightweight Hardware Synchronization for Avoiding Buffer Overflows in Network-on-Chips

Lecture Notes in Computer Science - Architecture of Computing Systems – ARCS 2018 ◽

10.1007/978-3-319-77610-1_9 ◽

2018 ◽

pp. 112-126 ◽

Cited By ~ 1

Author(s):

Martin Frieb ◽

Alexander Stegmeier ◽

Jörg Mische ◽

Theo Ungerer

Keyword(s):

Buffer Overflows

Download Full-text

Detecting Buffer Overflows Using Adaptive Test Case Generation

International Journal of Advancements in Computing Technology ◽

10.4156/ijact.vol3.issue11.29 ◽

2011 ◽

Vol 3 (11) ◽

pp. 231-237

Author(s):

Li Liang ◽

Lou Fang ◽

He ZhiQiang

Keyword(s):

Test Case Generation ◽

Test Case ◽

Adaptive Test ◽

Buffer Overflows

Download Full-text

Taint Graph of System Call Arguments for Intrusion Detection in Mobile Intelatrac

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.546-547.1101 ◽

2012 ◽

Vol 546-547 ◽

pp. 1101-1106

Author(s):

Dan Nie ◽

Yu Hui Wang

Keyword(s):

Intrusion Detection ◽

Control Flow ◽

System Call ◽

Mobile Telecommunication ◽

Control Data ◽

Critical Data ◽

Buffer Overflows ◽

System Calls ◽

Flow Information ◽

Behavior Profile

The intended data-flow in a vulnerable program is subject to be subverted by attacks which exploit buffer overflows or format string vulnerabilities to write data to unintended location. In Mobile Telecommunication it is especially important on data safety. These attacks can be classified into two types: control-flow-attacks exploit buffer overflows or other vulnerabilities to overwrite a return address, a function pointer, or some other piece of control-data; non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control-flow in the program. The control-flow attacks are well studied and widely used, so there are several typical approaches to prevent them, which monitor the sequence of system calls emitted by the application being monitored and utilize control-flow information of the system calls for intrusion detection. However, the non-control-data attacks are rare for the reason that they rely on specific semantics of the target applications, and there are only few works that defend them to some extent. In order to prevent non-control-data attacks, we leverage dynamic taint technique to track the instruction level relationship between different system call arguments and construct taint graph which can represent behavior profile of a benign program in this paper..

Download Full-text

Static binary rewriting without supplemental information: Overcoming the tradeoff between coverage and correctness

2013 20th Working Conference on Reverse Engineering (WCRE) ◽

10.1109/wcre.2013.6671280 ◽

2013 ◽

Cited By ~ 11

Author(s):

Matthew Smithson ◽

Khaled ElWazeer ◽

Kapil Anand ◽

Aparna Kotha ◽

Rajeev Barua

Keyword(s):

Binary Rewriting

Download Full-text