International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II

Research Article

Blind Format String Attacks

Download
348 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-319-23802-9_23,
    author={Fatih Kilic and Thomas Kittel and Claudia Eckert},
    title={Blind Format String Attacks},
    proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II},
    proceedings_a={SECURECOMM},
    year={2015},
    month={12},
    keywords={Security Format string attacks},
    doi={10.1007/978-3-319-23802-9_23}
}
  • Fatih Kilic
    Thomas Kittel
    Claudia Eckert
    Year: 2015
    Blind Format String Attacks
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23802-9_23
Fatih Kilic1,*, Thomas Kittel1,*, Claudia Eckert1,*
  • 1: Technische Universität München
*Contact email: kilic@sec.in.tum.de, kittel@sec.in.tum.de, eckert@sec.in.tum.de

Abstract

Although Format String Attacks (FSAs) are known for many years there is still a number of applications that have been found to be vulnerable to such attacks in the recent years. According to the CVE database, the number of FSA vulnerabilities is stable over the last 5 years, even as FSA vulnerabilities are assumingly easy to detect. Thus we can assume, that this type of bugs will still be present in future. Current compiler-based or system-based protection mechanisms are helping to restrict the exploitation this kind of vulnerabilities, but are insufficient to circumvent an attack in all cases.

Keywords
Security Format string attacks
Published
2015-12-03
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-319-23802-9_23
Copyright © 2014–2024 ICST
EAI Logo

About EAI

Community

Publish with EAI