Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Operating system tools – Intrusion detection
•Example: An intrusion detection system could keep track of what patterns of system calls programs usually exhibit, and then report or react to anomalies such as an “execv()” call when the next system call is usually to close a file
•Pros:
–Could be able to detect a variety of hijacking attacks, not just stack smashing
–Could be able to detect many attacks on unknown vulnerabilities
•Cons:
–Intrusion detection is a developing technology
–The offending process will probably be killed, leaving it open to a denial-of-service attack
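
The system-call pattern tracking described in the example above, as an added example that is not part of the original slides: it learns which short runs of system calls a program normally makes and reports any run it has never seen. The window length of 3, the function names and the traces are assumptions constructed for illustration.

```python
from collections import deque

WINDOW = 3  # assumed window length; the slide does not specify one


def windows(trace, k=WINDOW):
    """Yield every run of k consecutive system calls in a trace."""
    buf = deque(maxlen=k)
    for call in trace:
        buf.append(call)
        if len(buf) == k:
            yield tuple(buf)


def build_profile(normal_traces, k=WINDOW):
    """Learn the set of call sequences seen during normal operation."""
    profile = set()
    for trace in normal_traces:
        profile.update(windows(trace, k))
    return profile


def find_anomalies(trace, profile, k=WINDOW):
    """Return (index, window) for each sequence absent from the profile."""
    return [(i, w) for i, w in enumerate(windows(trace, k)) if w not in profile]


# Constructed sample traces (not captured from a real program).
NORMAL_TRACES = [
    ["open", "read", "close", "write", "exit_group"],
    ["open", "read", "read", "close", "write", "exit_group"],
]
# Same program after a hijack: execve (the system call behind execv())
# appears where close normally follows read.
HIJACKED_TRACE = ["open", "read", "execve"]

PROFILE = build_profile(NORMAL_TRACES)

if __name__ == "__main__":
    for i, w in find_anomalies(HIJACKED_TRACE, PROFILE):
        print(f"anomaly at call {i + len(w) - 1}: {' -> '.join(w)}")
```

The detector only reports. A benign trace with three consecutive `read` calls is flagged as well, because the training traces never contained that run, so whether to kill the process on a report is a separate policy decision.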