SAS essay.docx
Added: 22.07.2019

5. Summary

Although threats from malware (especially worm propagation) are well known, they still occur in any software or operating system, because every system has weaknesses that leave such attacks feasible. Buffer overflow attacks and exploits are the major category of ways to compromise a system and propagate malicious code (viruses, worms). Despite the protection mechanisms against buffer overflow attacks that are integrated into modern operating systems, the probability of finding and exploiting a zero-day buffer overflow vulnerability is still extremely high. Modern techniques used to prevent buffer overflow attacks, such as DEP, ASLR and canaries, each have a set of disadvantages that allow the prevention mechanism to be bypassed. This creates a need for additional approaches to protecting a system's stack against overflow. Some of these are found in the use of firewalls, IDS/IPS systems, network packet payload scanners, and static or dynamic analysis for preventive protection of program code.
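The canary mechanism named above, shown as an added example that is not part of the essay: a simulated stack frame holds a fixed-size buffer followed by a canary word, an unchecked copy overwrites the canary when the input is too long, and a pre-return check detects the corruption, while a bounded copy rejects the oversize input before anything is damaged. The frame layout, the canary value and all function names are constructed for illustration; a real compiler-inserted canary is random per process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
/* Constructed value for the demo. A real canary is random per process and
 * often contains a NUL byte so string-copying functions stop at it. */
#define CANARY_VALUE 0x0AFFBEEFu

/* Simulated stack frame: a fixed buffer directly followed by a canary word,
 * mirroring the layout that StackGuard-style protection places on the stack. */
struct frame {
    char buf[BUF_LEN];
    uint32_t canary;
};

/* Unchecked copy: the input length is never compared with BUF_LEN.
 * The write goes through the struct's byte representation so the demo stays
 * within defined behaviour while still clobbering the canary on long input. */
static void copy_unchecked(struct frame *f, const char *input, size_t len) {
    memcpy((unsigned char *)f, input, len);
}

/* Hardened copy: refuses anything that does not fit, leaving room for a NUL. */
static int copy_bounded(struct frame *f, const char *input, size_t len) {
    if (len >= BUF_LEN) return -1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
    return 0;
}

/* The check a protected function runs before returning:
 * 1 = frame intact, 0 = overflow detected. */
static int canary_intact(const struct frame *f) {
    return f->canary == CANARY_VALUE;
}

/* Runs one input through the unchecked copy; returns 1 if the canary survived. */
int unchecked_survives(const char *input, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    if (len > sizeof f) len = sizeof f;   /* never write past the simulated frame */
    copy_unchecked(&f, input, len);
    return canary_intact(&f);
}

/* Runs one input through the bounded copy; returns 1 only if it was accepted
 * and the canary is still intact afterwards. */
int bounded_accepts(const char *input, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    int rc = copy_bounded(&f, input, len);
    return rc == 0 && canary_intact(&f);
}

int main(void) {
    const char *ok = "short";                          /* constructed input */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed 24-byte input */
    printf("unchecked, short input : canary intact = %d\n", unchecked_survives(ok, strlen(ok)));
    printf("unchecked, long input  : canary intact = %d\n", unchecked_survives(too_long, strlen(too_long)));
    printf("bounded,   short input : accepted      = %d\n", bounded_accepts(ok, strlen(ok)));
    printf("bounded,   long input  : accepted      = %d\n", bounded_accepts(too_long, strlen(too_long)));
    return 0;
}
```

The point the example makes for the summary's argument: the canary only detects the overflow after the buffer has already been overrun, whereas the bounded copy prevents it, which is why the essay treats canaries as a mitigation with limits rather than a complete defence.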

In the case of worm propagation, buffer overflow is still the most commonly used vulnerability that a worm can exploit to replicate, propagate itself and infect PCs over a network connection. Moreover, some protection mechanisms, canaries for example, can be exploited by a worm to obtain stack address space for a further buffer overflow.

It is the author's belief that modern techniques are outdated and that it is highly important to create new methods against buffer overflow attacks to stop the spread of worms and malicious software. One such possibility is described above; the approach can be used and integrated into a real-time system after in-depth research and correct implementation.
