TY - GEN
T1 - Detection and diagnosis of control interception
AU - Tsai, Chang Hsien
AU - Huang, Shih-Kun
PY - 2007/12/1
Y1 - 2007/12/1
N2 - A crash implies that software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because the stack is corrupted, so debuggers cannot trace the control flow of the program. A control-type crash caused by stack overflow can easily be developed into a control interception attack. We develop a method to locate this attack and implement it as a plug-in for Valgrind [1]. This tool can be used in a honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs.
UR - http://www.scopus.com/inward/record.url?scp=38149142657&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-77048-0_32
DO - 10.1007/978-3-540-77048-0_32
M3 - Conference contribution
AN - SCOPUS:38149142657
SN - 9783540770473
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 412
EP - 426
BT - Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings
T2 - 9th International Conference on Information and Communications Security, ICICS 2007
Y2 - 12 December 2007 through 15 December 2007
ER -