• DocumentCode
    3624714
  • Title

    Bypassing Data Execution Prevention on MicrosoftWindows XP SP2

  • Author

    Nenad Stojanovski;Marjan Gusev;Danilo Gligoroski;Svein.J. Knapskog

  • Author_Institution
    Macedonian Telecommunication
  • fYear
    2007
  • fDate
    4/1/2007 12:00:00 AM
  • Firstpage
    1222
  • Lastpage
    1226
  • Abstract
    The evolution of Microsoft Windows from a desktop operating system into a server operating system has brought attention to and concern of some severe security issues. Attacks that exploited buffer overflows started appearing for the services that were used on the new server operating system. Recently, Microsoft decided to implement a protective measure: data execution prevention - DEP in two of their products: Service Pack 2 for Windows XP and Service Pack 1 for Windows 2003. The measure has been implemented as one of the core security mechanisms with the intention to prevent the attackers from breaking into the system i.e., to prevent the execution of code in non-executable memory regions. In this paper we show that the initial implementation of the software for DEP in Windows XP Service Pack 2 is actually not at all secure and that stack overflow attacks against DEP are as effective as attacks against systems that do not have DEP
  • Keywords
    "Operating systems","Protection","Data security","Electrostatic precipitators","Buffer overflow","Linux","Sun","Hardware","Informatics","Quality of service"
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.54
  • Filename
    4159930