You are here
Enhancements to the Linux Kernel for Blocking Buffer Overflow Based Attacks
We present the design and implementation of a cost-effective mechanism which controls the invocation of critical, from the security viewpoint, system calls.
The integration into existing UNIX operating systems is carried out by instrumenting the code of the system calls so that the system call itself once invoked checks to see whether the invoking process and the argument values passed comply with the rules held in an access control database.
A working prototype able to detect and block buffer overflow attacks is available as a small set of ``patches'' to the Linux operating system kernel source.