|
ALS 2000 Abstract
Enhancements to the Linux Kernel for Blocking Buffer Overflow Based Attacks
Massimo Bernaschi, Italian National
Research Council, Emanuele Gabrielli
and Luigi V. Mancini, Universitˆ di
Roma "La Sapienza", Italy
Abstract
We present the design and implementation of a cost-effective mechanism which controls the invocation of critical, from
the security viewpoint, system calls.
The integration into existing UNIX operating systems is carried out by instrumenting the code of the system calls so
that the system call itself once invoked checks to see whether the invoking process and the argument values passed
comply with the rules held in an access control database.
A working prototype able to detect and block buffer overflow attacks is available as a small set of ``patches'' to the
Linux operating system kernel source.
- View the full text of this paper in
HTML form, and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
