DOI QR코드

DOI QR Code

Buffer Overflow Attack and Defense Techniques

  • Alzahrani, Sabah M. (Department of Computer Science, College of Computers and Information Technology, Taif University)
  • Received : 2021.12.05
  • Published : 2021.12.30

Abstract

A buffer overflow attack is carried out to subvert privileged program functions to gain control of the program and thus control the host. Buffer overflow attacks should be prevented by risk managers by eradicating and detecting them before the software is utilized. While calculating the size, correct variables should be chosen by risk managers in situations where fixed-length buffers are being used to avoid placing excess data that leads to the creation of an overflow. Metamorphism can also be used as it is capable of protecting data by attaining a reasonable resistance level [1]. In addition, risk management teams should ensure they access the latest updates for their application server products that support the internet infrastructure and the recent bug reports [2]. Scanners that can detect buffer overflows' flaws in their custom web applications and server products should be used by risk management teams to scan their websites. This paper presents an experiment of buffer overflow vulnerability and attack. The aims to study of a buffer overflow mechanism, types, and countermeasures. In addition, to comprehend the current detection plus prevention approaches that can be executed to prevent future attacks or mitigate the impacts of similar attacks.

Keywords

References

  1. Chiamwongpaet, Sirisara, and Krerk Piromsopa. "Boundary Bit: Architectural Bound Checking for Buffer-Overflow Protection." ECTI Transactions on Computer and Information Technology (ECTI-CIT) 14.2 (2020): 162-173. Fan, X., Cao, J.: A Survey of Mobile Cloud Computing. ZTE Communications 9(1), 4-8 (2011) https://doi.org/10.37936/ecti-cit.2020142.212338
  2. Di, Bang, et al. "Efficient Buffer Overflow Detection on GPU." IEEE Transactions on Parallel and Distributed Systems 32.5 (2020): 1161-1177.
  3. Mihailescu, Marius Iulian, and Stefania Loredana Nita. "Brute Force and Buffer Overflow Attacks." Pro Cryptography and Cryptanalysis with C++ 20. Apress, Berkeley, CA, 2021. 423-434.
  4. Nicula, stefan, and Razvan Daniel Zota. "Exploiting stack-based buffer overflow using modern day techniques." Procedia Computer Science 160 (2019): 9-14. https://doi.org/10.1016/j.procs.2019.09.437
  5. Sah, Love Kumar, Sheikh Ariful Islam, and Srinivas Katkoori. "An efficient hardware-oriented runtime approach for stack-based software buffer overflow attacks." 2018 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). IEEE, 2018.
  6. Seedsecuritylabs.org. 2021. Buffer-Overflow Vulnerability Lab. [online] Available at: [Accessed 12 November 2021].
  7. Wang, Zhilong, et al. "To detect stack buffer overflow with polymorphic canaries." 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2018.