

A General Approach for Defending Code-Injection Attacks
Abstract
Keywords
References
Stephen W. Boyd, Gaurav S. Kc, Michael E. Locasto, Angelos D. Keromytis, and Vassilis Prevelakis,” On the General Applicability of Instruction-Set Randomization”, IEEE Transactions On Dependable And Secure Computing, vol. 6, no. 2, April-June 2009
D. Wagner, J.S. Foster, E.A. Brewer, and A. Aiken, “A First Step towards Automated Detection of Buffer Overrun Vulnerabilities,” Proc. ISOC Symp. Network and Distributed System Security (SNDSS ’00), pp. 3-17, Feb. 2000.
J. Pincus and B. Baker, “Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overflows,” IEEE Security and Privacy Magazine, vol. 2, no. 4, pp. 20-27, July/Aug. 2004.
Aleph One, “Smashing the Stack for Fun and Profit,” Phrack, vol. 7, no. 49, 1996.
S. Chen, J. Xu, E.C. Sezer, P. Gauriar, and R.K. Iyer, “Non-Control- Data Attacks Are Realistic Threats,” Proc. 14th USENIX Security Symp., pp. 177-191, Aug. 2005.
D. Wagner, J.S. Foster, E.A. Brewer, and A. Aiken, “A First Step towards Automated Detection of Buffer Overrun Vulnerabilities,” Proc. ISOC Symp. Network and Distributed System Security (SNDSS ’00), pp. 3-17, Feb. 2000.
A. Smirnov and T. Chiueh, “DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks,” Proc. ISOC Symp. Network and Distributed System Security (SNDSS ’05), Feb. 2005.
G.S. Kc, A.D. Keromytis, and V. Prevelakis, “Countering Code- Injection Attacks with Instruction-Set Randomization,” Proc. 10th ACM Conf. Computer and Comm. Security (CCS ’03), Oct. 2003.
C. Anley, Advanced SQL Injection in SQL Server Applications, 2008.
J. Xu, “Intrusion Prevention Using Control Data Randomization,” Proc. IEEE Int’l Conf. Dependable Systems and Networks (DSN ’03), June 2003.
D. Evans and D. Larochelle, “Improving Security Using Extensible Lightweight Static Analysis,” IEEE Software, Jan./Feb. 2002.
A. Smirnov and T. Chiueh, “DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks,” Proc. ISOC Symp. Network and Distributed System Security (SNDSS ’05), Feb. 2005.
J. Pincus and B. Baker, “Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overflows,” IEEE Security and Privacy Magazine, vol. 2, no. 4, pp. 20-27, July/Aug. 2004..
Michael E. Locasto and Angelos D. Kermytis, “SQL Randomization for the PostgreSQL JDBC Driver” , Proc. 10th ACM Conf. Computer and Comm. Security (CCS ’03), Oct. 2003.
Refbacks
- There are currently no refbacks.

This work is licensed under a Creative Commons Attribution 3.0 License.