Title :
OverCovert: Using Stack-Overflow Software Vulnerability to Create a Covert Channel
Author :
Fatayer, Tamer S. ; Khattab, Sherif ; Omara, Fatma A.
Author_Institution :
Dept. of Comput. Sci., Alaqsa Univ., Palestinian Authority
Abstract :
Abstract-Attackers exploit software vulnerabilities, such as stack overflow, heap overflow, and format string errors, to break into victim machines and implant backdoors to maintain access. They typically use obfuscation techniques, such as encryption and covert channels, to hide their command-and-control traffic and avoid detection. In this paper, we show how a vulnerable program can be used to create a covert channel that allows an entity (e.g., an attacker) to stealthily send information to another remote entity (e.g., a backdoor). The proposed covert channel, for which we coin the term OverCovert, is based on the common return-to-libc stack-overflow attack and the address space layout randomization defense. We implemented a proof-of-concept of OverCovert under Linux and evaluated its throughput sending files of different formats. We also propose and analyze techniques to improve channel undetectability and throughput.
Keywords :
Linux; authorisation; command and control systems; software reliability; stacking; Linux; OverCovert; address space layout randomization defense; command and control traffic; covert channel; format string error; heap overflow; obfuscation technique; proof of concept; return-to-libc stack overflow attack; stack overflow software vulnerability; vulnerable program; Authentication; Cryptography; Monitoring; Probes; Servers; Software; Throughput;
Conference_Titel :
New Technologies, Mobility and Security (NTMS), 2011 4th IFIP International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-8705-9
Electronic_ISBN :
2157-4952
DOI :
10.1109/NTMS.2011.5720645
