Sigfree ppt (International Journal of Computer Science and Mobile Computing)
Download as PPT, PDF0 likes517 views
The document outlines the significance of buffer overflow vulnerabilities in cybersecurity, noting their role as a primary cause of cyber-attacks. It introduces 'sigfree,' an application layer blocker designed to detect and prevent these attacks without requiring signatures, making it user-friendly and economical for deployment. The document also discusses challenges in securing SSL-encrypted data and the limitations of current defenses against buffer overflow attacks.
Sigfree ppt (International Journal of Computer Science and Mobile Computing)
- 1. Page 3 The history of cyber security, buffer over- flow is one of the most serious vulnerabilities in computer systems. Buffer overflow vulnerability is a root cause for most of the cyber-attack. A buffer overflow occurs during program execution when a fixed-size buffer has had too much data copied into it.
- 2. Page 4 This causes the data to overwrite into adjacent memory locations. It depending on what is stored there, the behavior of the program itself might be affected. Although taking a broader viewpoint, buffer overflow attacks do not always carry binary code in the attacking requests.
- 3. Page 6 SigFree is mainly related to three bodies of work: Prevention/detection techniques of buffer overflows : Existing prevention/detection techniques of buffer over- flows can be roughly broken down into six classes. Worm detection and signature generation : Based on the nature of worm infection symptoms, three classes. Macro symptoms Local traffic symptoms Worm code running symptoms
- 4. Page 8 Although tons of research has been done to tackle buffer overflow attacks, existing defenses are still quite limited in meeting four highly desired requirements: (R1) simplicity in maintenance; (R2) transparency to existing (legacy) server OS, application software, and hardware; (R3) resiliency to obfuscation; (R4) economical Internet-wide deployment.
- 5. Page 9 Accordingly, SigFree (Fig. 1) works as follows: SigFree is an application layer blocker that typically stays between a service and the corresponding firewall.
- 6. Page 11 To avoid detection by users, some viruses employ different kinds of deception. MS-DOS platform, make sure that the "last modified" date of a host file stays the same Some viruses can infect files without increasing their sizes or damaging the files. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
- 7. Page 13 The proxy-based SigFree could not handle encrypted or encoded data directly. A particular example is SSLenabled web server. Enhancing security between web clients and web servers. SSL also causes the difficulty for out-of-box malicious code detectors. SSL is implemented as a server module
- 8. Page 14 To support SSL functionality, an SSL proxy such as Stunnel (Fig. 4) may be deployed to securely tunnel the traffic between clients and web servers.
- 9. Page 16 SigFree has taken a main step forward in meeting the four requirements Block new and unknown buffer overflow attacks. Uses generic code-data separation criteria feature separates SigFree from an independent work An out-of-the-box solution that requires no server side changes. An economical deployment with very low maintenance cost
- 10. Page 18 worth mentioning tool is also widely applicable to many programs proxybased SigFree - used to protect all internet services used to protect some Internet services Generate many false positives provide file system real-time protection
- 11. Page 20 We have proposed SigFree. An online signature-free out-of-the-box blocker that can filter code-injection buffer overflow attack messages One of the most serious cyber security threats. Does not require any signatures. It can block new unknown attacks. Immunized from most attack-side code obfuscation method.
- 12. Page 22 Citeseer: Scientific Literature Digital Library, http://citeseer.ist.psu.edu, 2007. The Metasploit Project, http://www.metasploit.com, 2007. Jempiscodes—A Polymorphic Shellcode Generator, http:// www.shellcode.com.ar/en/proyectos.html, 2007.