
Proxy Based Buffer Overflow Attack Blocker

V. Ramya, R. Abinaya, G. Vinothini

Abstract


Every web server that needs to be guarded against buffer overflow attacks must be registered with the proxy server, so that all user requests are directed to the proxy. The proxy handles each request and processes it with a disassembling algorithm: if the request is found to be legitimate, the proxy forwards it to the original web server; otherwise the request is blocked. The proxy server disassembles a request, extracts instruction sequences from it, and then analyzes those instruction sequences to find executable machine code. Machine code is a sequence of machine instructions, in hexadecimal form, executed by the machine in response to a service request. The proxy server is based on the disassembling process, and BeaEngine is used for disassembling. The proxy server thus blocks buffer overflow attack requests from reaching the web server.

Keywords


Attack Model, Buffer Overflow, Experiments, System Design.






Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.