Modification Data Attack inside Computer Systems: A critical Review

Authors

  • Vahid Kaviani J Islamic Azad University, Isfahan (Khorasgan) Branch, Isfahan
  • Parvin Ahmadi Doval Amiri Islamic Azad University, Isfahan (Khorasgan) Branch, Isfahan
  • Farsad Zamani Brujeni Islamic Azad University, Isfahan (Khorasgan) Branch, Isfahan
  • Nima Akhlaghi Islamic Azad University, Isfahan (Khorasgan) Branch, Isfahan

DOI:

https://doi.org/10.34306/csit.v6i1.410

Keywords:

Modification, Control Data Attack, Non-Control Data Attack, Memory Security, Computer Security

Abstract

This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take or erase critical data on the PCs and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.

Downloads

Download data is not yet available.

References

Lazzez, A., & Slimani, T. (2015). Forensics investigation of web application security attacks. International

Journal of Computer Network and Information Security, 7(3), 10.

Keerthi, V. K. (2016). Taxonomy of SSL/TLS Attacks. International Journal of Computer Network and

Information Security, 8(2), 15.

Iyengar, N. C. S., Banerjee, A., & Ganapathy, G. (2014). A fuzzy logic based defense mechanism against

distributed denial of service attack in cloud computing environment. International Journal of Communication

Networks and Information Security, 6(3), 233.

Jonathan-Christofer Demay, Éric Totel, and Frédéric TronelSUPELEC: Automatic Software Instrumentation

for the Detection of Non-control-data Attacks, 2009.

Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer: Non-control-data Attacks are

Realistic Threats. Usenix Security Symposium, 2005.

A. Sotirov. Modern exploitation and memory protection bypasses.

http://www.usenix.org/events/sec09/tech/slides/sotirov.pdf, 2009.

M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-?ow integrity: Principles, implementations, and

applications.In CCS. ACM, 2005.

Jonathan-Christofer Demay, Eric Totel and Frédéric Tronel SUPELEC, Rennes, France: SIDAN : a tool

dedicated to Software Instrumentation for Detecting Attacks on Non-control-data, 2009.

Khan, W. Z., Yang, X., Aalsalem, M. Y., & Arshad, Q. (2011). Comprehensive study of selective forwarding

attack in wireless sensor networks. International Journal of Computer Network and Information Security, 3(1),

[Hu, Z., Mukhin, V., Loutskii, H., & Kornaga, Y. (2016). Stochastic RA-Network for the Nodes Functioning

Analysis in the Distributed Computer Systems. International Journal of Computer Network & Information

Security, 8(6).

Kodada, B. B., Prasad, G., & Pais, A. R. (2012). Protection against DDoS and data modification attack in

computational grid cluster environment. International Journal of Computer Network and Information Security,

(7), 12.

Aleph One. Smashing the stack for fun and profit.Phrack Magazine, 49(7), Nov. 1996.

Tim Newsham. Format String Attacks.http://muse.linuxmafia.org/lost+found/format-string-attacks.pdf

CERT Security Advisories. http://www.cert.org/advisories/

United States Computer Emergency Readiness Team.Technical Cyber Security Alerts,

http://www.us-cert.gov/cas/techalerts/

Microsoft Security Bulletin, http://www.microsoft.com/technet/security/

Cole Schlesinger, Karthik Pattabiramanz, Nikhil Swamy, David Walker, Benjamin Zorn. 2011 24th Computer

Security Foundations Symposium. Modular Protections against Non-control Data Attacks.

Jedidiah R. Crandall and Frederic T. Chong, University of California at Davis Computer Science Department,

Minos: Control Data Attack Prevention Orthogonal to Memory Model.

Dhakar, M., & Tiwari, A. (2013). A New Model for Intrusion Detection based on Reduced Error Pruning

Technique. International Journal of Computer Network and Information Security, 5(11), 51.

Kuperman, B. A., Brodley, C. E., Ozdoganoglu, H., Vijaykumar, T. N., & Jalote, A. (2005). Detection and

prevention of stack buffer overflow attacks. Communications of the ACM, 48(11), 50-56.

A. Baratloo, T. Tsai, and N. Singh, Transparent run-rime defense against stack smashing attacks, In

Proceedings of USENIX Annual Technical Conference, June 2000.

C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf

format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington,

DC,August 2001.

Melese, S. Z., & Avadhani, P. S. (2016). Honeypot System for Attacks on SSH Protocol. International Journal

of Computer Network and Information Security (IJCNIS), 8(9), 19.

The Apache Software Foundation. http://www.apache.org/

Null HTTPd Remote Heap Overflow Vulnerability.http://www.securityfocus.com/bid/5774 and

http://www.securityfocus.com/bid/6255

Ghttpd Log() Function Buffer Overflow Vulnerability.http://www.securityfocus.com/bid/5960

C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting pointers from buffer overflow

vulnerabilities. In Proceedings of the 12th USENIX Security Symposium. Washington, DC, August 2003.

PaX Address Space Layout Randomization (ASLR).http://pax.grsecurity.net/docs/aslr.txt

Modification Data Attack Inside Computer Systems: A Critical Review (Vahid Kaviani J)

APTIKOM J. CSIT ISSN: 2528-2417 ? 60

H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, and B.Miller. Formalizing sensitivity in static analysis for

intrusion detection. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, May 2004.

Wilander, J., & Kamkar, M. (2003, February). A Comparison of Publicly Available Tools for Dynamic Buffer

Overflow Prevention. In NDSS (Vol. 3, pp. 149-162).

H. Feng, O. Kolesnikov, P. Fogla, W. Lee and W. Gong.Anomaly detection using call stack information. In

Proceedings of the 2003 IEEE Symposium on Security and Privacy, May 2003.

J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. To appear

in Proceedings of the 37th International Symposium on Microarchitecture.Portland,OR. December 2004

A. Smirnov and T. Chiueh. DIRA: Automatic detection, identification and repair of control-data attacks. In

Proceedings of the 12th Network and Distributed System Security Symposium (NDSS), San Diego, CA,

February 3-4, 2005.

Sann, Z., Soe, T. thi, Knin, K. W. M., & Win, Z. M. (2020). Performance Comparison of Asymmetric

Cryptography (Case Study-mail Message). APTIKOM Journal on Computer Science and Information

Technologies, 4(3), 105-111. https://doi.org/10.34306/csit.v4i3.98

G. Suh, J. Lee, and S. Devadas. Secure program execution via dynamic information flow tracking. In

Proceedings of the 11th International Conference on Architectural Support for Programming Languages and

Operating Systems. Boston, MA. October 2004.

S. Andersen and V. Abella. Data Execution Prevention. Changes to Functionality in Microsoft Windows XP

Service Pack 2, Part 3: Memory Protection Technologies.

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx

Hu, H., Chua, Z.L., Adrian, S., Saxena, P., Liang, Z.: Automatic generation of Data-Oriented Exploits. In:

Proceedings of the USENIX Security Symposium (2015)

Barford, P., Kline, J., Plonka, D., & Ron, A. (2002, November). A signal analysis of network traffic anomalies.

In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (pp. 71-82). ACM.

O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual

Network and Distributed System Security Symposium, pages 159–169, February 2004.

T.Jim,G.Morrisett,D.Grossman,M.Hicks,J.Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings

of USENIX Annual Technical Conference.Monterey, CA, June 2002.

Jang, D., Tatlock, Z., & Lerner, S. (2014, February). SafeDispatch: Securing C++ Virtual Calls from Memory

Corruption Attacks. In NDSS.

Febriyanto, E., Naufal, R. S., & budiarty, frizca. (2019). Attitude Competency Assessment in the 2013

curriculum based on elementary school Prototyping methods. IAIC Transactions on Sustainable Digital

Innovation (ITSDI), 1(1), 87-96. https://doi.org/10.34306/itsdi.v1i1.6

Yusup, M., Cahvadi, D., Febriyanto, E., & Budiarty, F. (2020, October). The Impact of Socio-Economic in

Digital Signature Using Blockchain Application. In 2020 8th International Conference on Cyber and IT Service

Management (CITSM) (pp. 1-6). IEEE.

Lukita, C., Magdalena, L., Rahardja, U., Pranata, S., & Budiarty, F. (2020). LEDGER MANAGEMENT

INFORMATION SYSTEM FOR NATIONAL SPORT COMMITTEE OF INDONESIA. PalArch's Journal of

Archaeology of Egypt/Egyptology, 17(6), 322-338.

Febriyanto, E., & Naufal, R. S. (2019). Attitude Competency Assessment in the 2013 Curriculum Based On

Elementary School Prototyping Methods. IAIC Transactions on Sustainable Digital Innovation, 1(1), 87-96.

Downloads

Published

2021-04-01

How to Cite

Kaviani J, V., Doval Amiri, P. A., Brujeni, F. Z., & Akhlaghi, N. (2021). Modification Data Attack inside Computer Systems: A critical Review. APTIKOM Journal on Computer Science and Information Technologies, 6(1), 59-66. https://doi.org/10.34306/csit.v6i1.410

Issue

Section

Articles