首页> 外文会议>31st International Conference on Distributed Computing Systems >A New Class of Buffer Overflow Attacks

【24h】

A New Class of Buffer Overflow Attacks

机译：新型的缓冲区溢出攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

In this paper, we focus on a class of buffer overflow vulnerabilities that occur due to the "placement new'' expression in C++. "Placement new'' facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to "placement new'' have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. In this paper, we show how the "placement new'' expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how "placement new" can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage.

机译：在本文中，我们重点介绍由于C ++中的“ placement new”表达式而发生的一类缓冲区溢出漏洞，“ Placement new”有助于将对象/数组放置在特定的内存位置。如果没有适当的边界检查，则可能会发生对象溢出。这样的溢出可能导致堆栈以及堆/数据/ bss溢出，攻击者可以利用这些溢出来执行与缓冲区溢出相关的整个攻击范围。不幸的是，由于“ placement new”导致的缓冲区溢出尚未在文献中进行研究，也未纳入任何旨在检测和/或解决缓冲区溢出问题的工具中。可用于对堆栈以及堆/数据/ bss进行缓冲区溢出攻击。我们表明，溢出的对象和数组还可以用于执行虚拟表指针替换，以及函数和变量指针替换。此外，我们展示了如何使用“ placement new”来泄漏敏感信息，以及如何通过内存泄漏来进行拒绝服务攻击。

著录项

来源
《31st International Conference on Distributed Computing Systems 》|2011年|p.730-739|共10页
会议地点
作者
Kundu Ashish; Bertino Elisa;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类分布式计算机 ;
关键词
Attacks; Buffer overflow; Placement new; Security; Stack overflow; heap overflow;

机译：攻击;缓冲区溢出;新放置;安全性;堆栈溢出;堆溢出;

相似文献

外文文献
中文文献
专利

1. Determination of the asymptotic normalization coefficient (nuclear vertex constant) for $α + d \to^{6} Li$ from the new direct measured $d {(α, γ)}^{6} Li$ data and its implication for extrapolating the $d {(α, γ)}^{6} Li$ astrophysical $S$ factor at Big Bang energies [J] . K. I. Tursunmakhatov, R. Yarmukhamedov International Journal of Modern Physics: Conference Series . 2019 ,第a期

机译：确定渐近标准化系数（核顶点常数）<！ - $ {mathjax tex-ams-mml_htmlormml} - > $α+d\to6li从新直接测量<！ - $ {mathjax tex-ams-mml_htmlormml} - >d（α，γ）6li数据及其对外推<的含义<！ - $ {mathjax tex-ams-mml_htmlormml} - >d（α，γ）6liAstrophySicals <！ - $ {Mathjax Tex-AMS-MML_HTMLORMML} - > <数学Altimg =“eq-00004.gif”display =“内联”溢出=“滚动”>s系数在大bang Energies$
2. Buffer overflow attack with multiple fault injection and a proven countermeasure [J] . Shoei Nashimoto, Naofumi Homma, Yu-ichi Hayashi, Journal of cryptographic engineering . 2017 ,第1期

机译：具有多次故障注入的缓冲区溢出攻击和已证明的对策
3. A Software tool to protect executable files from buffer overflow attacks [J] . Alouneh Sahel A., Bsoul Heba, Kharbutli Mazen International Journal of Internet Technology and Secured Transactions . 2016 ,第2期

机译：一种保护可执行文件免受缓冲区溢出攻击的软件工具
4. A New Class of Buffer Overflow Attacks [C] . Kundu Ashish, Bertino Elisa International Conference on Distributed Computing Systems . 2011

机译：一类新的缓冲区溢出攻击
5. The Effectiveness of a Random Forests Model in Detecting Network-Based Buffer Overflow Attacks. [D] . Julock, Gregory Alan. 2013

机译：随机森林模型在检测基于网络的缓冲区溢出攻击中的有效性。
6. Probabilistic Analysis of a Buffer Overflow Duration in Data Transmission in Wireless Sensor Networks [O] . Wojciech M. Kempa 2020

机译：无线传感器网络中数据传输中缓冲器溢出持续时间的概率分析
7. Variable Record Table: A Run-time Solution for Mitigating Buffer Overflow Attack [O] . Love Kumar Sah, Sheikh Ariful Islam, Srinivas Katkoori 2019

机译：可变记录表：用于缓解缓冲区溢出攻击的运行时解决方案

A New Class of Buffer Overflow Attacks

摘要

著录项

相似文献

相关主题

期刊订阅