Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Operating system tools – Intrusion detection
•Example: An intrusion detection system could keep track of what patterns of system calls programs usually exhibit, and then report or react to anomalies such as an “execv()” call when the next system call is usually to close a file
•Pros:
–Could be able to detect a variety of hijacking attacks, not just stack smashing
–Could be able to detect many attacks on unknown vulnerabilities
•Cons:
–Intrusion detection is a developing technology
–The offending process will probably be killed, leaving it open to a denial-of-service attack
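
The system-call pattern check from the example above, sketched as an added illustration (not code from the original slides). The traces, function names and the two-call context length are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample traces (not captured from a real program).
NORMAL_TRACES = [
    ["open", "read", "read", "close", "write", "exit"],
    ["open", "read", "close", "write", "exit"],
]
HIJACKED = ["open", "read", "read", "execv"]            # execv where close is usual
UNSEEN_BUT_BENIGN = ["open", "read", "read", "read", "close"]


def learn_profile(traces, context=2):
    """Map each run of `context` calls to the set of calls seen right after it."""
    profile = defaultdict(set)
    for trace in traces:
        for i in range(context, len(trace)):
            profile[tuple(trace[i - context:i])].add(trace[i])
    return profile


def check_trace(trace, profile, context=2):
    """Return (index, call, expected) for every call the profile did not predict."""
    alerts = []
    for i in range(context, len(trace)):
        expected = profile.get(tuple(trace[i - context:i]))
        if expected is None:
            alerts.append((i, trace[i], []))  # preceding calls never seen in training
        elif trace[i] not in expected:
            alerts.append((i, trace[i], sorted(expected)))
    return alerts


PROFILE = learn_profile(NORMAL_TRACES)

if __name__ == "__main__":
    for name, trace in [("hijacked", HIJACKED), ("benign", UNSEEN_BUT_BENIGN)]:
        for index, call, expected in check_trace(trace, PROFILE):
            print(f"{name}: call #{index} {call}(), usually {expected or 'unknown context'}")
```

The hijacked trace is flagged at the execv() call, but so is the benign trace with one extra read(), because that sequence never appeared in training. If the response to an alert is to kill the process, that false positive becomes the denial-of-service problem listed under Cons.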