International Journal of Computer
Trends and Technology

Research Article | Open Access | Download PDF

Volume 4 | Issue 7 | Year 2013 | Article Id. IJCTT-V4I7P173 | DOI : https://doi.org/10.14445/22312803/IJCTT-V4I7P173

Averting Buffer Overflow Attack in Networking OS using – BOAT Controller

Vadivel Murugan.P, M.Alagarsamy

Citation :

Vadivel Murugan.P, M.Alagarsamy, "Averting Buffer Overflow Attack in Networking OS using – BOAT Controller," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 7, pp. 2366-2370, 2013. Crossref, https://doi.org/10.14445/22312803/IJCTT-V4I7P173

Abstract

Today’s Networking Operating System Server software is under continuous scrutiny and attack, whether for fun or for profit. Networking OS Software vulnerabilities that allow the injection and execution of malicious code in persistent Internet connected systems pose serious threats to system security. In a common type of attack, an inimical party induces a software buffer overflow in a prone to the computing devices in order to corrupt a procedure to return addresses and transfer controls to the malicious code. This buffer overflow attacks are often engaged to recruit unaware hosts into Distributed Denial of Service (DDoS) attack networks, which ultimately promote overwhelming buffer overflow attack against victim networks or machines. In spite of current security software countermeasures that they seek to prevent buffer overflow exploits, many systems are in remain vulnerable. The BOAT controller tool is detect and prevent the buffer overflow in networking OS and strongly control the task utilization.

Keywords

Buffer overflows attack, BOAT controller tool, Memory allocation, Stack based buffer overflow, Heap based buffer overflow.

References

1. Phrack Aleph One, “Smashing the stack for fun and profit,” Magazine, Vol. 7, http://www.phrack.org/issues.html? issue=49&id=14.,
2. 1996, C. Cowan, C. Pu, D. Maier, J.  Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. Stack-      Guard: Automatic adaptive detection and prevention of bufferoverflow attacks. In   Proceedings of the 7th USENIX  Security Conference,   pages 6378, San Antonio,   Texas, January 1998.
3. Crispin Cowan, Posting to Bugtraq Mailing List, http://geek-girl.com/bugtraq/1999_1/0481.html
4. CERT, http://www.us-cert.gov/.
5. CERT. CERT/CC http://www.cert.org/stats/cert stats.html, Feb. 2005.
6. statistics. C. Cowan. Software security for open-source systems. IEEE Security & Privacy, 1(1):38–45, 2003.
7. Figure 5: The application executed is ready to control the overflow task D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 2001 USENIX Security Symposium, Washington DC, USA, August 2001.
8. E. Rescorla. Is finding security holes a good idea? IEEE Security & Privacy, 3(1):14–19, 2005.
9. H. Etoh. GCC extension for protecting applications from stack-smashing attacks.  http://www.trl.ibm.com/projects/security/ssp/, June 2000.
10. http://www.cert.org/advisories. 
11. http:// www.securelist.com/en/analysis Security Bulletin 2010 /Statistics, 2010 Kas
12. against I. Simon. A comparative analysis of methods of defense buffer overflow attacks. http://www.mcs.csuhayward.edu/˜simon/security/boflo.html, January 2001.
13. J. McCarthy, “Take Two Aspirin, and Patch That System – Now,” SecurityWatch, August 31, 2001.
14. Li-Han Chen, Fu-Hau Hsu, Cheng-Hsien Huang, ChihWen Ou,Chia-Jun Lin And Szu-Chi Liu “A Robust KernelBased Solution to Control-Hijacking Buffer Overflow Attacks”Journal Of Information Science And Engineering 27, 869-890 (2011).
15. NIST. ICAT vulnerability  statistics.http://icat.nist.gov/icat.cfm?function=statistics, Feb.2005.
16. R. W. Shirey. Request for comments: 2828, Internet security glossary.  http://www.faqs.org/rfcs/rfc2828.html, May 2000.
17. SolarDesigner, “Non-executable user stack,” http://www.openwall.com/linux.///, J. Pincus and B. Baker, “Beyond stack smashing: recent advances in exploiting buffer overruns,” in Proceedings of IEEE Symposium on Security and Privacy, 2004,pp. 20-27.
18. T. cker Chiueh and F.-H. Hsu. RAD: A compile-time solution to buffer overflows attacks. In Proceedings of the 21th International Conference on Distributed Computing Systems (ICDCS), Phoenix, Arizona, USA, April 2001.
19. Critical The SANS Institute, “The SANS/FBI Twenty Most Internet Security http://www.sans.org/top20/, October 2002.
20. Vulnerabilities,” Vendicator. Stack Shield technical info file v0.7. http: //www.angelfire.com/sk/stackshield/, January 2001.
21.  Zitser. Securing software: An evaluation of static source code analyzers. Master’s thesis, Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, Aug. 2003.