Buffer overflow and format string overflow vulnerabilities
KS Lhee, SJ Chapin - Software: practice and experience, 2003 - Wiley Online Library
Buffer overflow vulnerabilities are among the most widespread of security problems.
Numerous incidents of buffer overflow attacks have been reported and many solutions have …
Numerous incidents of buffer overflow attacks have been reported and many solutions have …
Countering code-injection attacks with instruction-set randomization
GS Kc, AD Keromytis, V Prevelakis - … of the 10th ACM conference on …, 2003 - dl.acm.org
We describe a new, general approach for safeguarding systems against any type of code-
injection attack. We apply Kerckhoff's principle, by creating process-specific randomized …
injection attack. We apply Kerckhoff's principle, by creating process-specific randomized …
Address obfuscation: An efficient approach to combat a broad range of memory error exploits
Attacks which exploit memory programming errors (such as buffer overflows) are one of
today's most serious security threats. These attacks require an attacker to have an in-depth …
today's most serious security threats. These attacks require an attacker to have an in-depth …
{PointGuard™}: Protecting Pointers from Buffer Overflow Vulnerabilities
Despite numerous security technologies crafted to resist buffer overflow vulnerabilities,
buffer overflows continue to be the dominant form of software security vulnerability. This is …
buffer overflows continue to be the dominant form of software security vulnerability. This is …
A taxonomy of computer worms
To understand the threat posed by computer worms, it is necessary to understand the
classes of worms, the attackers who may employ them, and the potential payloads. This …
classes of worms, the attackers who may employ them, and the potential payloads. This …
The verifying compiler: A grand challenge for computing research
T Hoare - Journal of the ACM (JACM), 2003 - dl.acm.org
This contribution proposes a set of criteria that distinguish a grand challenge in science or
engineering from the many other kinds of short-term or long-term research problems that …
engineering from the many other kinds of short-term or long-term research problems that …
[PDF][PDF] A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention.
J Wilander, M Kamkar - Ndss, 2003 - lass.cs.umass.edu
The size and complexity of software systems is growing, increasing the number of bugs.
Many of these bugs constitute security vulnerabilities. Most common of these bugs is the …
Many of these bugs constitute security vulnerabilities. Most common of these bugs is the …
Declaring and checking non-null types in an object-oriented language
M Fähndrich, KRM Leino - Proceedings of the 18th annual ACM …, 2003 - dl.acm.org
Distinguishing non-null references from possibly-null references at the type level can detect
null-related errors in object-oriented programs at compile-time. This paper gives a proposal …
null-related errors in object-oriented programs at compile-time. This paper gives a proposal …
CCured in the real world
J Condit, M Harren, S McPeak, GC Necula… - ACM SIGPLAN …, 2003 - dl.acm.org
CCured is a program transformation system that adds memory safety guarantees to C
programs by verifying statically that memory errors cannot occur and by inserting run-time …
programs by verifying statically that memory errors cannot occur and by inserting run-time …
Scriptroute: A public Internet measurement facility
N Spring - 4th USENIX Symposium on Internet Technologies and …, 2003 - usenix.org
We present Scriptroute, a system that allows ordinary Internet users to conduct network
measurements from remote vantage points. We seek to combine the flexibility found in …
measurements from remote vantage points. We seek to combine the flexibility found in …