Re: Buffer Overflows: A Summary
Gene Spafford (spaf@CS.PURDUE.EDU)
Fri, 02 May 1997 15:04:33 -0500
> Bill Trost <trost@CLOUD.RAIN.COM> wrote:
>
> Oddly enough, we had a talk here in the CS department earlier this
> week by Mootaz Elnozahy from Carnegie Mellon who suggested the idea of
> writing a system call pattern associated with a security sensitive
> program. The pattern would specify which calls would be used, with
> what arguments, and in what order, etc. The kernel could check the
> program's execution, and if the kernel detects a problem, it drops the
> program into a secure mode where the attacker continues to get
> responses like the attack is succeeding, but can't actually do any
> damage.
Mr. Elnozahy should look at the literature more carefully. Stephanie Forrest
has been working on something almost exactly like this for the past couple of
years. A paper on the work was in the last Oakland IEEE Symposium on
Security and Privacy. The work has continued, and they have more interesting
results.
There is also some history of techniques similar to this used in deployed
intrusion detection systems.....
--spaf