Up: Type-Assisted Dynamic Buffer Overflow
Previous: Conclusions and future work
-
- 1
-
AlephOne.
Smashing the stack for fun and profit.
Phrack, 7(49), Nov. 1996.
- 2
-
T. M. Austin, S. E. Breach, and G. S. Sohi.
Efficient detection of all pointer and array access errors.
In ACM SIGPLAN 94 Conference on Programming Language Design and
Implementation, June 1994.
- 3
-
A. Baratloo, N. Singh, and T. Tsai.
Transparent run-time defense against stack smashing attacks.
In Proceedings of the 2000 USENIX Annual Technical Conference,
pages 251-262, San Jose, CA, June 2000. USENIX.
- 4
-
Bulba and Kil3r.
Bypassing stackguard and stackshield.
Phrack, 10(56), May 2000.
- 5
-
M. Conover and w00w00 Security Team.
w00w00 on heap overflows.
https://www.w00w00.org/files/articles/heaptut.txt, Jan. 1999.
- 6
-
C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie,
A. Grier, P. Wagle, and QianZhang.
Stackguard: Automatic adaptive detection and prevention of
buffer-overflow attacks.
In Proceedings of the 7th USENIX Security Symposium, pages
63-77, San Antonio, TX, Jan. 1998. USENIX.
- 7
-
C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole.
Buffer overflows: Attacks and defenses for the vulnerability of the
decade.
In Proceedings DARPA Information Survivability Conference and
Exposition, pages 119-129, Hilton Head, SC, Jan. 2000.
- 8
-
D. Evans, J. Guttag, J. Horning, and Y. M. Tan.
Lclint: A tool for using specifications to check code.
In SIGSOFT Symposium on the Foundations of Software
Engineering, pages 87-96. ACM, Dec. 1994.
- 9
-
A. J. Ferrari, S. J. Chapin, and A. S. Grimshaw.
Heterogeneous process state capture and recovery through process
introspection.
Cluster Computing, 3(2):63-73, 2000.
- 10
-
R. W. M. Jones and P. H. J. Kelly.
Backwards-compatible bounds checking for arrays and pointers in c
programs.
In Proceedings of the third International Workshop on Automatic
Debugging, pages 13-26, Sweden, May 1997.
- 11
-
M. Kaempf.
Vudo - an object superstitiously believed to embody magical powers.
https://www.synnergy.net/downloads/papers/vudo-howto.txt.
- 12
-
D. Larochelle and D. Evans.
Statically detecting likely buffer overflow vulnerabilities.
In Proceedings of the 10th USENIX Security Symposium,
Washington D.C, Aug. 2001. USENIX.
- 13
-
Nergal.
The advanced return-into-lib(c) exploits: Pax case study.
Phrack, 10(58), Dec. 2001.
- 14
-
PaX.
https://pageexec.virtualave.net.
- 15
-
J. M. B. Rivas.
Overwriting the .dtors section.
https://www.synnergy.net/downloads/papers/dtors.txt.
- 16
-
Rix.
Smashing c++ vptrs.
Phrack, 10(56), May 2000.
- 17
-
SolarDesigner.
Non-executable stack patch.
https://www.openwall.com/linux.
- 18
-
SolarDesigner.
Getting around non-executable stack (and fix).
Bugtraq mailing list,
https://www.securityfocus.com/archive/1/7480, Aug. 1997.
- 19
-
StackShield.
https://www.angelfire.com/sk/stackshield.
- 20
-
D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken.
A first step towards automated detection of buffer overrun
vulnerabilities.
In Network and Distributed System Security Symposium, pages
3-17, San Diego, CA, Feb. 2000.
- 21
-
R. Wojtczuk.
Defeating solar designer non-executable stack patch.
Bugtraq mailing list,
https://www.securityfocus.com/archive/1/8470.