The Community for Technology Leaders
Green Image
Issue No. 03 - May/June (2012 vol. 9)
ISSN: 1545-5971
pp: 305-317
Matt Bishop , University of California, Davis, Davis
Sean Whalen , University of California, Davis, Davis and Lawrence Berkeley National Laboratory, Berkeley
Damien Howard , Northwestern University School of Law, Chicago
Sophie Engle , University of San Francisco, San Francisco
ABSTRACT
Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a nonsecure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.
INDEX TERMS
Protection mechanisms, software/program verification, security and privacy, arrays.
CITATION
Matt Bishop, Sean Whalen, Damien Howard, Sophie Engle, "A Taxonomy of Buffer Overflow Characteristics", IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 305-317, May/June 2012, doi:10.1109/TDSC.2012.10
97 ms
(Ver 3.3 (11022016))