A qualitative framework for evaluating buffer overflow protection mechanisms Online publication date: Wed, 21-Sep-2016
by N. Raghu Kisore
International Journal of Information and Computer Security (IJICS), Vol. 8, No. 3, 2016
Abstract: In the last decade, a large number of buffer overflow protection mechanisms have been proposed in the literature. The exponential growth of the Internet has greatly enhanced the chances of a large scale cyber attack. In the absence of a quantitative model to answer the fundamental question in security 'how secure is secure enough?', we propose a qualitative framework based on which we review existing buffer overflow protection mechanisms to better understand their ability to prevent/slowdown a large scale cyber-attack. We use the proposed qualitative framework to evaluate 24 different buffer overflow protection mechanisms and finally conclude with a report card to summarise the security gaps in each of these mechanisms. We believe that this work at the least would serve as a reference to the research community and security practitioners in the software industry.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook