Detection and diagnosis of control interception

Chang Hsien Tsai; Shih-Kun Huang

doi:10.1007/978-3-540-77048-0_32

Detection and diagnosis of control interception

Chang Hsien Tsai^*, Shih-Kun Huang

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Crash implies that a software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because of the corrupted stack, so that debuggers cannot trace the control flow of the programs. A control-type crash caused by stack overflow is easy to be developed as a control interception attack. We develop a method to locate this attack and implement it as a plug-in of Valgrind [1]. This tool can be used in the honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs.

Original language	English
Title of host publication	Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings
Publisher	Springer Verlag
Pages	412-426
Number of pages	15
ISBN (Print)	9783540770473
DOIs	https://doi.org/10.1007/978-3-540-77048-0_32
State	Published - 2007
Event	9th International Conference on Information and Communications Security, ICICS 2007 - Zhengzhou, China Duration: 12 Dec 2007 → 15 Dec 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4861 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	9th International Conference on Information and Communications Security, ICICS 2007
Country/Territory	China
City	Zhengzhou
Period	12/12/07 → 15/12/07

Access to Document

10.1007/978-3-540-77048-0_32

Cite this

Tsai, C. H., & Huang, S.-K. (2007). Detection and diagnosis of control interception. In Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings (pp. 412-426). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4861 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-77048-0_32

@inproceedings{ab91e0fd4f294f2b91d4d8ef4acaab1b,

title = "Detection and diagnosis of control interception",

abstract = "Crash implies that a software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because of the corrupted stack, so that debuggers cannot trace the control flow of the programs. A control-type crash caused by stack overflow is easy to be developed as a control interception attack. We develop a method to locate this attack and implement it as a plug-in of Valgrind [1]. This tool can be used in the honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs.",

author = "Tsai, {Chang Hsien} and Shih-Kun Huang",

year = "2007",

doi = "10.1007/978-3-540-77048-0_32",

language = "English",

isbn = "9783540770473",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "412--426",

booktitle = "Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings",

address = "德國",

note = "9th International Conference on Information and Communications Security, ICICS 2007 ; Conference date: 12-12-2007 Through 15-12-2007",

}

Tsai, CH & Huang, S-K 2007, Detection and diagnosis of control interception. in Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4861 LNCS, Springer Verlag, pp. 412-426, 9th International Conference on Information and Communications Security, ICICS 2007, Zhengzhou, China, 12/12/07. https://doi.org/10.1007/978-3-540-77048-0_32

Detection and diagnosis of control interception. / Tsai, Chang Hsien; Huang, Shih-Kun.
Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings. Springer Verlag, 2007. p. 412-426 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4861 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detection and diagnosis of control interception

AU - Tsai, Chang Hsien

AU - Huang, Shih-Kun

PY - 2007

Y1 - 2007

N2 - Crash implies that a software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because of the corrupted stack, so that debuggers cannot trace the control flow of the programs. A control-type crash caused by stack overflow is easy to be developed as a control interception attack. We develop a method to locate this attack and implement it as a plug-in of Valgrind [1]. This tool can be used in the honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs.

AB - Crash implies that a software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because of the corrupted stack, so that debuggers cannot trace the control flow of the programs. A control-type crash caused by stack overflow is easy to be developed as a control interception attack. We develop a method to locate this attack and implement it as a plug-in of Valgrind [1]. This tool can be used in the honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs.

UR - http://www.scopus.com/inward/record.url?scp=38149142657&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-77048-0_32

DO - 10.1007/978-3-540-77048-0_32

M3 - Conference contribution

AN - SCOPUS:38149142657

SN - 9783540770473

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 412

EP - 426

BT - Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings

PB - Springer Verlag

T2 - 9th International Conference on Information and Communications Security, ICICS 2007

Y2 - 12 December 2007 through 15 December 2007

ER -

Tsai CH, Huang SK. Detection and diagnosis of control interception. In Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings. Springer Verlag. 2007. p. 412-426. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-77048-0_32

Detection and diagnosis of control interception

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this