Royal Holloway eBook Series:

How to tackle buffer overflow vulnerabilities and attacks

21 Jun 2009


Buffer overflows seem to be one of the most intractable problems in computer security. Despite the research and learned papers on the subject, buffer overflow exploits seem to be as popular – and as successful – as they ever were.

A buffer overflow can cause chaos and destruction if it is not dealt with at the earliest opportunity, but systems developers seem hard pressed to build in suitable defences against such flaws.

While it may be difficult to prevent buffer overflows altogether, it is still possible to limit the threat, and also contain the damage an exploit can inflict, according to Parvez Anwar and Andreas Fuchsberger.

They have been researching the subject and have produced new insights into the problem and how it can be tackled effectively. Their ideas are outlined in a detailed article, "Buffer Overflows in a Windows Environment" (see below for .pdf), that we are publishing on SearchSecurity.co.uk as part of our 2009 series featuring the best new MSc theses from graduates of the Information Security department of Royal Holloway, University of London (RHUL).

The article provides a detailed explanation of how these buffer overflow exploits work in the first place, and then goes on to provide practical help in mitigating the potential damage.

As the authors point out, the threat of the buffer overflow will be with us for many years to come. But they propose several techniques that developers can use to avoid serious damage.

Read Buffer overflows in a Windows environment (.pdf) by Parvez Anwar and Andreas Fuchsberger.

SearchSecurity's association with RHUL began last year when we published 12 articles from RHUL's MSc graduates. These were widely appreciated for their new ideas and relevance to security problems. We believe the 2009 series is equally wide-ranging and thought-provoking.
