Fatal injection: a survey of modern code injection attack countermeasures
Open Access
- 27 November 2017
- journal article
- Published by PeerJ in PeerJ Computer Science
- Vol. 3, e136
- https://doi.org/10.7717/peerj-cs.136
Abstract
With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.
Funding Information
- Athens University of Economics and Business Research Center Program (EP-2606-01)
This publication has 101 references indexed in Scilit.