[adamantix:03]
Adamantix Project. Adamantix, 2003. http://www.adamantix.com/.
[ bib ]

Keywords: address randomization

[aleph:96]
Aleph One. Smashing the stack for fun and profit. Phrack, 7(49), November 1996.
[ bib | http ]

Over the last few months there has been a large increase of buffer overflow vulnerabilities being both discovered and exploited. Examples of these are syslog, splitvt, sendmail 8.7.5, Linux/FreeBSD mount, Xt library, at, etc. This paper attempts to explain what buffer overflows are, and how their exploits work.

Basic knowledge of assembly is required. An understanding of virtual memory concepts, and experience with gdb are very helpful but not necessary. We also assume we are working with an Intel x86 CPU, and that the operating system is Linux.

Some basic definitions before we begin: A buffer is simply a contiguous block of computer memory that holds multiple instances of the same data type. C programmers normally associate with the word buffer arrays. Most commonly, character arrays. Arrays, like all variables in C, can be declared either static or dynamic. Static variables are allocated at load time on the data segment. Dynamic variables are allocated at run time on the stack. To overflow is to flow, or fill over the top, brims, or bounds. We will concern ourselves only with the overflow of dynamic buffers, otherwise known as stack-based buffer overflows.

Keywords: code-injection attack

[anderson:01]
R. Anderson. Why information security is hard - An economic perspective, Jan 2001. http://www.cl.cam.ac.uk/ftp/users/rja14/econ.pdf.
[ bib | .pdf ]

Keywords: security-economics

[anon:02]
Anonymous. Bypassing PaX ASLR protection. Phrack, 11(59), Jul 2002.
[ bib | .txt ]

Keywords: address randomization

[arbaugh:03]
W.A. Arbaugh. Firewalls: An outdated defense. IEEE Computer, 36(6):112-113, Jun 2003.
[ bib | http ]

[arbaugh:00]
W.A. Arbaugh, B. Fithen, and J. McHugh. Windows of vulnerability: A case study analysis. IEEE Computer, 33(12):52-59, Dec 2000.
[ bib | http ]

[ashcraft:02]
K. Ashcraft and D. Engler. Using programmer-written compiler extensions to catch security holes. In Proc. of the 2002 IEEE Symposium on Security and Privacy, May 2002.
[ bib | .pdf ]

[bain:01]
C. Bain, D. Faatz, A. Fayad, and D. Williams. Diversity as a defense strategy in information systems. Technical report, The MITRE Corporation, 2001.
[ bib | .pdf ]

[barat:00]
A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashing attacks. In Proc. of the 2000 Usenix Annual Technical Conference, Jun 2000.
[ bib | .pdf ]

Keywords: buffer-overflow prevention, buffer-overflow detection

[barrantes:03b]
E.G. Barrantes, D.H. Ackley, S. Forrest, T.S. Palmer, A. Stefanovic, and D.D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proc. of the 10th ACM Conference on Computer and Communications Security, Oct 2003.
[ bib ]

[barrantes:03]
E.G. Barrantes, D.H. Ackley, T.S. Palmer, D.D. Zovi, S. Forrest, and A. Stefanovic. Randomized instruction set emulation to disrupt binary code injection attacks. Technical Report TR-CS-2003-10, University of New Mexico, Feb 2003.
[ bib | .pdf ]

[batten:01]
C. Batten, K. Barr, A. Saraf, and S. Trepetin. pStore: A secure peer-to-peer backup system. Technical Report LCS Technical Memo 632, Massachusetts Institute of Technology Laboratory for Computer Science, Oct 2001.
[ bib | .pdf ]

[bellovin:03]
S.M. Bellovin and E.R. Gansner. Using link cuts to attack internet routing. ***** UNPUBLISHED DO NOT CITE *****, May 2003.
[ bib | .pdf ]

Keywords: unpublished, routing-security

[berna:00]
M. Bernaschi, E. Gabrielli, and L.V. Mancini. Operating system enhancements to prevent the misuse of system calls. In Proc. of the 7th ACM Conference on Computer and Communications Security, pages 174-183, 2000.
[ bib | http ]

Keywords: program flow control

[bhatkar:03]
S. Bhatkar, D.C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proc. of the 12th Usenix Security Symposium, Aug 2003.
[ bib | .pdf ]

Keywords: address randomization

[blakley:96]
B. Blakley. The emperor's old armor. In Proceedings of the 1996 workshop on New security paradigms, pages 2-16. ACM Press, 1996.
[ bib | http ]

[blaze:99]
M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote trust-management system version 2. RFC 2704, IETF, Sep 1999.
[ bib ]

[browne:01]
H.K. Browne, W.A. Arbaugh, J. McHugh, and W.L. Fithen. A trend analysis of exploitations. In Proc. of the 2001 IEEE Symposium on Security and Privacy, pages 214-229, May 2001.
[ bib | http ]

[brunner:76]
J. Brunner. The Shockwave Rider. Ballantine Books, Inc., 1976.
[ bib ]

[cmu:03]
Carnegie Mellon University. Carnegie Mellon researchers tap biology to fend off computer worms, virus attacks, Nov 2003. http://www.cmu.edu/PR/releases03/031120_cyber.html.
[ bib | .html ]

[cert:03b]
CERT Coordination Center. Incident and vulnerability trends, May 2003. http://www.cert.org/present/cert-overview-trends/.
[ bib | http ]

[cert:03]
CERT Coordination Center. CERT/CC statistics 1988-2003, 2004. http://www.cert.org/stats/.
[ bib | http ]

[chakrab:02]
A. Chakrabarti and B. Manimaran. Internet infrastructure security: A taxonomy. IEEE Network, 16(6):13-21, Nov-Dec 2002.
[ bib | http ]

[chase:94]
J.S. Chase, H.M. Levy, M.J. Feeley, and E.D. Lazowska. Sharing and protection in a single-address-space operating system. ACM Transactions on Computer Systems, 12(4):271-307, 1994.
[ bib | http ]

[chen:01]
P.M. Chen and B.D. Noble. When virtual is better than real. In Proc. of the 8th IEEE Workshop on Hot Topics in Operating Systems, May 2001.
[ bib | .pdf ]

[song:02]
M. Chew and D. Song. Mitigating buffer overflows by operating system randomization. Technical Report CMU-CS-02-197, Carnegie Mellon University, Dec 2002.
[ bib | .pdf ]

Keywords: address randomization

[clarke:02]
I. Clarke, T.W. Hong, S.G. Miller, O. Sandberg, and B. Wiley. Protecting free expression online with Freenet. IEEE Internet Computing, 6(1):40-49, 2002.
[ bib | .html ]

Keywords: anti-censorship, anonymity

[clarke:01]
I. Clarke, O. Sandberg, B. Wiley, and T.W. Hong. Freenet: A distributed anonymous information storage and retrieval system. Lecture Notes in Computer Science, 2009, 2001.
[ bib | .html ]

Keywords: anti-censorship, anonymity

[cohen:92]
F.B. Cohen. Operating system protection through program evolution, 1992. http://www.all.net/books/IP/evolve.html.
[ bib | .html ]

[cowan:03]
C. Cowan. Software security for open-source systems. IEEE Security & Privacy, 1(1):38-45, Jan-Feb 2003.
[ bib | http ]

[cowan:01]
C. Cowan, M. Barringer, S. Beattie, G. Kroah-Hartman, M. Frantzen, and J. Lokier. FormatGuard: Automatic protection from printf format string vulnerabilities. In Proc. of the 10th Usenix Security Symposium, Aug 2001.
[ bib | .pdf ]

Keywords: buffer-overflow prevention

[cowan:03b]
C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard™: Protecting pointers from buffer overflow vulnerabilities. In Proc. of the 12th Usenix Security Symposium, Aug 2003.
[ bib | .pdf ]

[cowan:00b]
C. Cowan, S. Beattie, G. Kroah-Hartman, C. Pu, P. Wagle, and V. Gligor. SubDomain: Parsimonious server security. In Proc. of the 14th Usenix Large Installation Systems Administration Conference (LISA), pages 355-367, Dec 2000.
[ bib | .pdf ]

[cowan:01b]
C. Cowan, S. Beattie, C. Wright, and G. Kroah-Hartman. RaceGuard: Kernel protection from temporary file race vulnerabilities. In Proc. of the 10th Usenix Security Symposium, Aug 2001.
[ bib | .pdf ]

[cowan:00c]
C. Cowan, H. Hinton, C. Pu, and J. Walpole. The cracker patch choice: An analysis of post hoc security techniques. In Proc. of the 23rd National Information Systems Security Conference (NISSC), Oct 2000.
[ bib | .pdf ]

[cowan:98]
C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. of the 7th Usenix Security Symposium, pages 63-78, Jan 1998.
[ bib | .pdf ]

Keywords: buffer-overflow detection

[cowan:00]
C. Cowan, F. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference & Exposition - Volume 2, pages 119-129, Jan 2000.
[ bib | http ]

Keywords: buffer-overflow detection

[cryptoapi:03]
CryptoAPI. The GNU/Linux CryptoAPI, 2003. http://www.kerneli.org/.
[ bib | http ]

[deswarte:98]
Y. Deswarte, K. Kanoun, and J.-C. Laprie. Diversity against accidental and deliberate faults. In Proc. of Computer Security, Dependability and Assurance: From Needs to Solutions, pages 171-181, 1998.
[ bib | http ]

The paper is aimed at examining the relationship between the three topics of the workshops that gave rise to this book: security, fault tolerance, and software assurance. Those three topics can be viewed as different facets of dependability. The paper focuses on diversity, as a desirable approach for addressing the classes of faults that underlay all these topics, i.e., design faults and intrusion faults.

[dunlap:02]
G.W. Dunlap, S.T. King, S. Cinar, M.A. Basrai, and P.M. Chen. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proc. of the 2002 Symposium on Operating Systems Design and Implementation, Dec 2002.
[ bib | .pdf ]

Keywords: intrusion detection

[eisen:89]
T. Eisenberg, D. Gries, J. Hartmanis, D. Holcomb, M.S. Lynn, and T. Santoro. The Cornell commission: On Morris and the worm. Communications of the ACM, 32(6):706-709, Jun 1989.
[ bib ]

Keywords: worms

[elfsh:03]
ELFsh Project. ELF shell, 2003. http://www.devhell.org/~mayhem/projects/elfsh/.
[ bib | http ]

Keywords: binary rewriting

[etoh:03]
H. Etoh. GCC extension for protecting applications from stack-smashing attacks (ProPolice), 2003. http://www.trl.ibm.com/projects/security/ssp/.
[ bib | http ]

Keywords: buffer-overflow detection

[fayolle:02]
P-A. Fayolle and V. Glaume. A buffer overflow study: Attacks and defenses. http://www.securityfocus.com/library/3797, 2002.
[ bib | http ]

Keywords: code-injection attack, buffer-overflow detection

[ferguson:03]
N. Ferguson and B. Schneier. Practical Cryptography. Wiley Publishing, Inc., 2003.
[ bib ]

[fetzer:01]
C. Fetzer and Z. Xiao. Detecting heap buffer overflow through fault containment wrappers. In Proc. of the IEEE Symposium on Reliable Distributed Systems, Oct 2001.
[ bib | .pdf ]

Keywords: buffer-overflow prevention

[forrest:97]
S. Forrest, A. Somayaji, and D.H. Ackley. Building diverse computer systems. In Proc. of the 6th IEEE Workshop on Hot Topics in Operating Systems, pages 67-72, 1997.
[ bib | .pdf ]

[frantzen:01]
M. Frantzen and M. Shuey. StackGhost: Hardware facilitated stack protection. In Proc. of the 10th Usenix Security Symposium, pages 55-66, 2001.
[ bib | .pdf ]

Keywords: buffer-overflow detection

[fraser:00]
T. Fraser. LOMAC: Low water-mark integrity protection for COTS environments. In Proc. of the 2000 IEEE Symposium on Security and Privacy, May 2000.
[ bib | .pdf ]

[fraser:01]
T. Fraser. LOMAC: MAC you can live with. In Proc. of the 2001 Usenix Annual Technical Conference, Jun 2001.
[ bib | .pdf ]

[garfinkel:03]
Tal Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium, Feb 2003.
[ bib | .pdf ]

[geer:03]
D. Geer. Monopoly considered harmful. IEEE Security & Privacy Magazine, 1(6):14-16, Dec 2003.
[ bib | http ]

[geer:03b]
D. Geer, R. Bace, P. Gutmann, P. Metzger, C.P. Pfleeger, J.S. Quarterman, and B. Schneier. Cyber insecurity: The cost of monopoly. Technical report, Computer & Communications Industry Association, 2003.
[ bib | .pdf ]

[hardgentoo:03]
Gentoo Linux Project. Hardened Gentoo, 2003. http://www.gentoo.org/proj/en/hardened/.
[ bib | http ]

Keywords: address randomization

[gleitz:01]
P.M. Gleitz and S.M. Bellovin. Transient addressing for related processes: Improved firewalling by using IPV6 and multiple addresses per host. In Proc. of the 10th Usenix Security Symposium, Aug 2001.
[ bib | .pdf ]

[goth:03]
G. Goth. Addressing the monoculture. IEEE Security & Privacy Magazine, 1(6):8-10, Dec 2003.
[ bib | http ]

[guninski:04]
G. Guninski. Remote openbsd crash with ip6, yet still openbsd much better than windows, Jan 2004. http://www.guninski.com/obsdmtu.html.
[ bib | http ]

[hagimont:96]
D. Hagimont, J. Mossière, and Jr C.W. Hemming. Hidden capabilities: Towards a flexible protection utility for the Internet. In Proc. of the seventh workshop on ACM SIGOPS European workshop, pages 219-223, 1996.
[ bib | http ]

[holtzman:03]
D.H. Holtzman. Diversity training. CSO Magazine, Jun 2003.
[ bib | .html ]

[jim:02]
T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proc. of the 2002 Usenix Annual Technical Conference, pages 275-288, Jun 2002.
[ bib | .pdf ]

Keywords: buffer-overflow prevention

[junqu:03]
F. Junqueira, R. Bhagwan, K. Marzullo, S. Savage, and G.M. Voelker. The Phoenix recovery system: Rebuilding from the ashes of an Internet catastrophe. Technical Report CS2003-0732, University of California, San Diego, Jan 2003.
[ bib | http ]

[junqu:03b]
F. Junqueira and K. Marzullo. Synchronous consensus for dependent process failures. In Proc. of the ICDCS 2003, 2003.
[ bib | .pdf ]

Keywords: fault-tolerance

[jurisic:03]
M. Jurisic. Signing prebound executables on Mac OS X. In Proc. of MacHack 2003, Jun 2003.
[ bib | .pdf ]

Because of prebinding, Mac OS X modifies executable files after they are installed. These modifications change cryptographic signatures of the executables, thus making it impractical to rely on cryptographic signatures to verify integrity of Mac OS X executables. This paper discusses how cryptographic signatures can be computed for Mac OS X executables in such a way that the signatures are not modified by prebinding.

[kain:86]
R.Y. Kain and C.E. Landwehr. On access checking in capability-based systems. In Proc. of the 1986 IEEE Symposium on Security and Privacy, pages 95-101, May 1986.
[ bib | .pdf ]

Keywords: capabilities

[kc:03]
G.S. Kc, A.D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proc. of the 10th ACM Conference on Computer and Communications Security, Oct 2003.
[ bib ]

[king:03]
S.T. King, G.W. Dunlap, and P.M. Chen. Operating system support for virtual machines. In Proc. of the 2003 Usenix Annual Technical Conference, 2003.
[ bib | .pdf ]

[kirian:02]
V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proc. of the 11th Usenix Security Symposium, Aug 2002.
[ bib | .pdf ]

Keywords: program flow control

[kubiat:00]
J. Kubiatowicz, D. Bindel, Y. Chen, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao. OceanStore: An architecture for global-scale persistent storage. In Proceedings of ACM ASPLOS. ACM, Nov 2000.
[ bib | .html ]

[land:97]
C.E. Landwehr and D.M. Goldschlag. Security issues in networks with Internet access. Proceedings of the IEEE, 85:2034-2051, Dec 1997.
[ bib | http ]

[larson:03]
E. Larson and T. Austin. High coverage detection of input-related security faults. In Proc. of the 12th Usenix Security Symposium, Aug 2003.
[ bib | .pdf ]

Keywords: buffer-overflow prevention

[lewis:02]
J.A. Lewis. Assessing the risks of cyber terrorism, cyber war and other cyber threats. Technical report, Center for Strategic and International Studies, Dec 2002.
[ bib | .pdf ]

[mcgraw:02]
G. McGraw. Building secure software: Better than protecting bad software. IEEE Software, 19(6):57-59, Nov/Dec 2002.
[ bib | http ]

[mcgraw:03]
G. McGraw. From the ground up: The DIMACS software security workshop. IEEE Security & Privacy, 1(2):59-66, Mar/Apr 2003.
[ bib | http ]

[mcgraw:00]
G. McGraw and G. Morrisett. Attacking malicious code: A report to the Infosec Research Council. IEEE Software, 17(5):33-41, Sep/Oct 2000.
[ bib | .pdf ]

[michael:00]
C.C. Michael, A. Bartle, J. Viega, A. Hulot, N. Jarymowycz, J.R. Mills, B. Sohr, and B. Arkin. Two systems for automatic software diversification. In DARPA Information Survivability Conference & Exposition - Volume 2, pages 220-230, Jan 2000.
[ bib | http ]

[moore:03]
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. The spread of the sapphire/slammer worm. Technical report, CAIDA, ICSI, Silicon Defense, UC Berkeley EECS and UC San Diego CSE, 2003.
[ bib ]

Keywords: worms

[moore:02]
D. Moore, C. Shannon, and J. Brown. Code-Red: a case study on the spread and victims of an Internet worm. In Proc. of Internet Measurement Workshop 2002, Nov 2002.
[ bib | .pdf ]

Keywords: worms

[moore:03b]
D. Moore, C. Shannon, G.M. Voelker, and S. Savage. Internet quarantine: Requirements for containing self-propagating code. In Proc. of INFOCOM 2003, 2003.
[ bib | .pdf ]

Keywords: worms

[nergal:01]
Nergal. The advanced return-into-lib(c) exploits: PaX case study. Phrack, 11(58), Dec 2001.
[ bib | http ]

Keywords: address randomization

[odlyzko:03]
A. Odlyzko. Economics, psychology, and sociology of security. In Proc. of Financial Cryptography 2003, 2003.
[ bib | .pdf ]

Keywords: security-economics

[palmer:01]
T. Palmer, D.D. Zovi, and D. Stefanovic. SIND: A framework for binary translation. Technical Report TR-CS-2001-38, University of New Mexico, 2001.
[ bib | .pdf ]

Keywords: binary rewriting

[pax:03b]
PaX Project. Address space layout randomization, Mar 2003. http://pageexec.virtualave.net/docs/aslr.txt.
[ bib ]

Keywords: address randomization

[pax:03e]
PaX Project. Kernel stack randomization, Jan 2003. http://pageexec.virtualave.net/docs/randkstack.txt.
[ bib | .txt ]

Keywords: address randomization

[pax:03d]
PaX Project. mmap() randomization, Jan 2003. http://pageexec.virtualave.net/docs/randmmap.txt.
[ bib | .txt ]

Keywords: address randomization

[pax:03c]
PaX Project. Non-relocatable executable file randomization, Feb 2003. http://pageexec.virtualave.net/docs/randexec.txt.
[ bib | .txt ]

Keywords: address randomization

[pax:03]
PaX Project. The PaX project, Nov 2003. http://pax.grsecurity.net/docs/pax.txt.
[ bib | .txt ]

Keywords: address randomization

[pax:03f]
PaX Project. Userland stack randomization, Feb 2003. http://pageexec.virtualave.net/docs/randustack.txt.
[ bib | .txt ]

Keywords: address randomization

[pax:03g]
PaX Project. Vma mirroring, May 2003. http://pageexec.virtualave.net/docs/vmmirror.txt.
[ bib | .txt ]

Keywords: address randomization

[prasad:03]
M. Prasad and T. Chiueh. A binary rewriting defense against stack based buffer overflow attacks. In Proc. of the 2003 Usenix Annual Technical Conference, Jun 2003.
[ bib | .ps ]

Keywords: binary rewriting, buffer-overflow detection

[openwall:03]
Openwall Project. Linux kernel patch from the Openwall Project, 2003. http://www.openwall.com/linux.
[ bib | http ]

Keywords: buffer-overflow detection

[provos:03b]
N. Provos. Improving host security with system call policies. In Proc. of the 12th Usenix Security Symposium, Aug 2003.
[ bib ]

Keywords: access control, capabilities

[provos:03]
N. Provos, M. Friedl, and P. Honeyman. Preventing privilege escalation. In Proc. of the 12th Usenix Security Symposium, Aug 2003.
[ bib ]

Keywords: access control

[ptacek:98]
T. Ptacek and T. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks, Inc., 1998.
[ bib ]

[robertson:03]
W. Robertson, C. Kruegel, D. Mutz, and F. Valeur. Run-time detection of heap-based overflows. In Proc. of the 17th Usenix Large Installation Systems Administration Conference (LISA), pages 51-60, Oct 2003.
[ bib | .pdf ]

[rochlis:89]
J.A. Rochlis and M.W. Eichin. With microscope and tweezers: The worm from MIT's perspective. Communications of the ACM, 32(6):689-698, Jun 1989.
[ bib ]

Keywords: worms

[rodrig:01]
R. Rodrigues, M. Castro, and B. Liskov. BASE: Using abstraction to improve fault tolerance. In Proc. of the 18th ACM Symposium on Operating System Principles, pages 15-28, 2001.
[ bib | http ]

Keywords: diversity, fault-tolerance

[rubin:01]
A.D. Rubin. White-Hat Security Arsenal. Addison Wesley, 2001.
[ bib ]

[rudis:03]
B. Rudis and P. Kostenbader. The enemy within: Firewalls and backdoors, Jun 2003. http://securityfocus.com/infocus/1701.
[ bib ]

[scanit:03]
Scanit. Browser security test, 2003. http://bcheck.scanit.be/bcheck/stats.php.
[ bib | http ]

[schneier:96]
B. Schneier. Applied Cryptography. John Wiley & Sons, Inc., 1996.
[ bib ]

[shoch:82]
J.F. Shoch and J.A. Hupp. The "worm" programs - Early experience with a distributed computation. Communications of the ACM, 25(3), Mar 1982.
[ bib ]

[smalley:03]
S. Smalley, T. Fraser, and C. Vance. Linux security modules: General security hooks for Linux, 2003. http://lsm.immunix.org/docs/overview/linuxsecuritymodule.html.
[ bib | .html ]

[smalley:01]
S. Smalley, C. Vance, and W. Salamon. Implementing SELinux as a Linux security module. NAI Labs Report #01-043, NAI Labs, Dec 2001. Revised May 2002.
[ bib | .pdf ]

[somay:98]
A. Somayaji, S. Hofmeyr, and S. Forrest. Principles of a computer immune system. In Proc. of 1997 New Security Paradigms Workshop, pages 75-82, 1998.
[ bib | .pdf ]

[spaff:89]
E.H. Spafford. The Internet worm: Crisis and aftermath. Communications of the ACM, 32(6):678-687, Jun 1989.
[ bib ]

Keywords: worms

[spaff:89b]
E.H. Spafford. The Internet worm incident. In Proc. of the 2nd European Software Engineering Conference, 1989.
[ bib | .pdf ]

Keywords: worms

[spencer:99]
R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau. The Flask security architecture: System support for diverse security policies. In Proc. of the 8th Usenix Security Symposium, pages 123-139, 1999.
[ bib | .pdf ]

Keywords: capabilities

[spinellis:03]
D. Spinellis. Reflections on trusting trust revisited. Communications of the ACM, 46(6):112, Jun 2003.
[ bib | http ]

[thompson:84]
K. Thompson. Reflections on trusting trust. Communications of the ACM, 27(8):761-763, Aug 1984.
[ bib | http ]

[elf:95]
TIS Committee. Tool interface standard (TIS) executable and linking format (ELF) specification, May 1995. Version 1.2.
[ bib | .pdf ]

[varian:00]
H. Varian. Managing online security risks. The New York Times, Jun 1, 2000. http://www.nytimes.com/library/financial/columns/060100econ-scene.html.
[ bib | .html ]

Keywords: security-economics

[waldman:00]
M. Waldman, A.D. Rubin, and L.F. Cranor. Publius: A robust, tamper-evident, censorship-resistant, web publishing system. In Proc. of the 9th Usenix Security Symposium, pages 59-72, Aug 2000.
[ bib | .pdf ]

Keywords: anti-censorship

[weaver:02b]
N. Weaver. Potential strategies for high speed active worms: A worst case analysis. http://www.cs.berkeley.edu/~nweaver/worms.pdf, Mar 2002.
[ bib | .pdf ]

Keywords: worms

[weaver:02]
N. Weaver. Reflections on Brilliant Digital: Single points of Internet 0wnership. http://www.cs.berkeley.edu/~nweaver/0wn2.html, undated.
[ bib | .html ]

Keywords: worms

[wilander:03]
J. Wilander and M. Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proc. of the 10th Network and Distributed System Security Symposium, Feb 2003.
[ bib | .pdf ]

Keywords: buffer-overflow prevention, buffer-overflow detection

[wright:02]
C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman. Linux security modules: General security support for the Linux kernel. In Proc. of the 11th Usenix Security Symposium, 2002.
[ bib | .pdf ]

Keywords: access control, capabilities

[xu:03]
J. Xu, Z. Kalbarczyk, and R.K. Iyer. Transparent runtime randomization for security. Technical Report UILU-ENG-03-2207, University of Illinois at Urbana-Champaign, May 2003.
[ bib | .pdf ]

A large class of security attacks exploit software implementation vulnerabilities such as unchecked buffers. This paper proposes Transparent Runtime Randomization (TRR), a generalized approach for protecting against a wide range of security attacks. TRR dynamically and randomly relocates a program's stack, heap, shared libraries, and parts of its runtime control data structures inside the application memory address space. Making a program's memory layout different each time it runs foils the attacker's assumptions about the memory layout of the vulnerable program and makes the determination of critical address values difficult if not impossible. TRR is implemented by changing the Linux dynamic program loader, hence it is transparent to applications. We demonstrate that TRR is effective in defeating real security attacks, including malloc-based heap overflow, integer overflow, and double-free attacks, for which effective prevention mechanisms are yet to emerge. Furthermore, TRR incurs less than 9% program startup overhead and no runtime overhead.

[xun:99]
L. Xun. A Linux executable editing library (LEEL), 1999. http://www.geocities.com/fasterlu/leel.htm.
[ bib | http ]

[zhang:00]
Y. Zhang and V. Paxson. Detecting backdoors. In Proc. of the 9th Usenix Security Symposium, 2000.
[ bib | .pdf ]

[zovi:02]
D.D. Zovi. Security Applications of Dynamic Binary Translation. B.S. honors thesis, University of New Mexico, Dec 2002.
[ bib | .pdf ]

Keywords: binary rewriting

