Pierre-Alain Fouque
ABSTRACT
Fault attacks have been developed in the cryptographic community to extract secret information on hardware implementations. They have also been used to bypass security checks during authentication processes for example. Here, we show that they can be exploited to make more damage, taking the control of a machine as buffer overflow attacks do for instance. In this short paper, we demonstrate by using one example that countermeasures against buffer overflow must also be used for software running on embedded processors.
- R. J. Anderson and M. G. Kuhn. Low Cost Attacks on Tamper Resistant Devices. In B. Christianson, B. Crispo, T. M. A. Lomas, and M. Roe, editors, Security Protocols Workshop, volume 1361 of Lecture Notes in Computer Science, pages 125--136. Springer, 1997. Google Scholar
Digital Library
- C. Cowan, S. Beattie, R. Day, P. w. C. Pu, and E. Walthinsen. Protecting Systels from Stack Smashing Attacks with StackGuard. In Proceedings of the 5th Linux Expo., Raleigh, NC, May 1999.Google Scholar
- S. Govindavajhala and A. W. Appel. Using Memory Errors to Attack a Virtual Machine. In IEEE Symposium on Security and Privacy, pages 154--165, 2003. Google ScholarDigital Library
- O. Kömmerling and M. G. Kuhn. Design Principles for Tamper-Resistant Smartcard Processors. In WOST'99: Proceedings of the USENIX Workshop on Smartcard Technology, pages 9--20. USENIX Association, 1999. Google ScholarDigital Library
Recommendations
Exploiting a buffer overflow using metasploit framework
PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business ServicesBuffer overflow has been used for many years as an effective mean for system penetration to gain remote access [2, 3, 5, 6, 7]. Buffer overflow exploitation takes advantage of weak software programming such as boundary check for memory usage of declared ...
Repairing return address stack for buffer overflow protection
CF '04: Proceedings of the 1st conference on Computing frontiersAlthough many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism ...
Realization of Buffer Overflow
IFITA '10: Proceedings of the 2010 International Forum on Information Technology and Applications - Volume 01In recent decades, the buffer overflow has been a source of many serious security issues. In recent years, by the CERT/CC (Computer Emergency Response Term/Coodination Center) issued advice on the buffer overflow vulnerability for more than accounted ...
Comments