Make your own free website on
A detailed description of the Data Execution Prevention (DEP) feature in Windows...
Microsoft Corporation
Statically Detecting Likely Buffer Overflow Vulnerabilities
David Larochelle, David Evans.
USENIX Security Symposium, August 2001
English.HTML English.PDF
¨This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in  semantic comments and uses lightweight and efficient static analyses.¨
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Crispin Cowan, Perry Wagle, Calton Pu,Steve Beattie,Jonathan Walpole  , 1999
ProPolice: Protecting from stack-smashing attacks
Hiroaki Etoh and Kunikazu Yoda
IBM Research Division, Tokyo Research Laboratory, June 19, 2000
It is a GCC  extension for protecting applications from stack-smashing attacks. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities 
D. Wagner, J. Foster, E. Brewer, and A. Aiken (UC Berkeley) 
Automatic Detection and Prevention of Buffer-Overflow Attacks 
Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry

Wagle, and Qian Zhang 
7th USENIX Security Symposium, San Antonio,TX, January 1998
Protecting Systems from Stack Smashing Attacks with StackGuard
Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen 
Linux Expo, Raleigh, NC, May 1999
Libsafe: Protecting Critical Elements of Stacks
Arash Baratloo, Timothy Tsai and Navjot Singh
Bell Labs, Lucent Technologies, December 1999

Make your software behave: Learning the basics of buffer overflows
Gary McGraw and John Viega [RST]
IBM, March  2000 
Make your software behave: 
Brass tacks and smash attacks  An analysis of how a buffer overflow attack works
Gary McGraw and John Viega [RST]
IBM, March  2000 
URL (wrong pdf file)  HTML
Make your software behave: 
Preventing buffer overflows Protect your code through defensive programming
Gary McGraw and John Viega [RST]
IBM, March  2000 

Defeating Solar Designer's Non-executable Stack Patch
Rafal Wojtczuk
January 1998 
Defeating Solaris/Sparc Non Executable Stack Protection
John McDonald
March 1999
Bypassing Stackguard and Stackshield. 
Bulba and Kil3r
Phrack Magazine 56(5),May 2000 
StackGuard Mechanism: Emsi's Vulnerability
Mariusz Woloszyn
Bypassing PaX ASLR protection
Almost Anonymous
July 2002