Title :
Arbitrary Copy: Bypassing Buffer-Overflow Protections
Author :
Piromsopa, Krerk ; Enbody, Richard J.
Author_Institution :
Dept. of Comput. Sci. & Eng., Michigan State Univ.
Abstract :
Recent advances in buffer-overflow protection are able to eliminate several common types of buffer-overflow attacks (e.g. stack smashing, jump table). In this paper, we introduce arbitrary copy, a type of buffer-overflow attack that is capable of bypassing most buffer-overflow solutions. By overflowing both source and destination pointers of any string copy (or similar) function, arbitrary copy is able to utilize a useful local address for attacking a system. This method can bypass even the most promising buffer-overflow protection that enforces the integrity of address such as secure bit (Piromsopa and Enbody, 2006) and MINOS (Crandal and Chong, 2004). Later, we analyze conditions necessary for the success of this attack. Though satisfying all necessary conditions for this attack should be difficult, our conclusion is that it is a potential threat and requires consideration
Keywords :
buffer circuits; security of data; MINOS; arbitrary copy; buffer-overflow attacks; buffer-overflow protections; computer security; destination pointers; intrusion detection; intrusion prevention; local address; secure bit; source pointers; Buffer overflow; Computer bugs; Computer science; Computer security; Computer worms; Computerized monitoring; Intrusion detection; Operating systems; Programming profession; Protection; Buffer overflow; Buffer-Overflow Attacks; Computer security; Intrusion Detection; Intrusion Prevention;
Conference_Titel :
Electro/information Technology, 2006 IEEE International Conference on
Conference_Location :
East Lansing, MI
Print_ISBN :
0-7803-9592-1
Electronic_ISBN :
0-7803-9593-X
DOI :
10.1109/EIT.2006.252213
