Steve Beattie

Buffer overflows: attacks and defenses for the vulnerability of the decade

Buffer overflows have been the most common form of security vulnerability for the last ten years. More over, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated. In this paper, we survey the various types of buffer overflow vulnerabilities and attacks, and survey the various defensive measures that mitigate buffer overflow vulnerabilities, including our own StackGuard method. We then consider which combinations of techniques can eliminate the problem of buffer overflow vulnerabilities, while preserving the functionality and performance of existing systems.

Defcon Capture the Flag: defending vulnerable code from intense attack

Immunix/spl trade/ is a Linux system hardened with several DARPA-funded security technologies to produce a highly survivable server appliance platform. The Immunix technologies include: StackGuard, FormatGuard, RaceGuard, SubDomain, and LSM (Linux Security Modules). Combined, these technologies make it very difficult for an attacker to break into an Immunix server, despite the presence of unpatched vulnerabilities, while also preserving a high degree of compatibility with standard Linux systems. The Defcon Capture-the-Flag (CtF) contest is the largest open security hacking game. The 2002 game was designed to make it particularly difficult for defenders to defend their servers by forcing players to host software known to be vulnerable. Our DISCEX III paper describes our experience playing an Immunix server in this game: we placed second overall, and no one was able to take control of the Immunix server.