Title: A qualitative framework for evaluating buffer overflow protection mechanisms

Authors: N. Raghu Kisore

Addresses: Institute for Development and Research in Banking Technology, Road No. 1, Castle Hills, Hyderabad, Telangana, India

Abstract: In the last decade, a large number of buffer overflow protection mechanisms have been proposed in the literature. The exponential growth of the Internet has greatly increased the chances of a large-scale cyber attack. In the absence of a quantitative model to answer the fundamental question in security, 'how secure is secure enough?', we propose a qualitative framework against which we review existing buffer overflow protection mechanisms to better understand their ability to prevent or slow down a large-scale cyber attack. We use the proposed qualitative framework to evaluate 24 different buffer overflow protection mechanisms and conclude with a report card that summarises the security gaps in each of these mechanisms. We believe that this work would, at the least, serve as a reference to the research community and to security practitioners in the software industry.

Keywords: qualitative framework; large scale cyber attacks; software security; buffer overflow attacks; memory layout randomisation; cyber warfare; software diversity; source code obfuscation; runtime protection; security attack propagation; buffer overflow protection.

DOI: 10.1504/IJICS.2016.079187

International Journal of Information and Computer Security, 2016 Vol.8 No.3, pp.272-307

Accepted: 02 Feb 2016
Published online: 21 Sep 2016
