Modification Data Attack inside Computer Systems: A critical Review
Keywords:Modification, Control Data Attack, Non-Control Data Attack, Memory Security, Computer Security
This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take or erase critical data on the PCs and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.
Lazzez, A., & Slimani, T. (2015). Forensics investigation of web application security attacks. International
Journal of Computer Network and Information Security, 7(3), 10.
Keerthi, V. K. (2016). Taxonomy of SSL/TLS Attacks. International Journal of Computer Network and
Information Security, 8(2), 15.
Iyengar, N. C. S., Banerjee, A., & Ganapathy, G. (2014). A fuzzy logic based defense mechanism against
distributed denial of service attack in cloud computing environment. International Journal of Communication
Networks and Information Security, 6(3), 233.
Jonathan-Christofer Demay, Éric Totel, and Frédéric TronelSUPELEC: Automatic Software Instrumentation
for the Detection of Non-control-data Attacks, 2009.
Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer: Non-control-data Attacks are
Realistic Threats. Usenix Security Symposium, 2005.
A. Sotirov. Modern exploitation and memory protection bypasses.
M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-?ow integrity: Principles, implementations, and
applications.In CCS. ACM, 2005.
Jonathan-Christofer Demay, Eric Totel and Frédéric Tronel SUPELEC, Rennes, France: SIDAN : a tool
dedicated to Software Instrumentation for Detecting Attacks on Non-control-data, 2009.
Khan, W. Z., Yang, X., Aalsalem, M. Y., & Arshad, Q. (2011). Comprehensive study of selective forwarding
attack in wireless sensor networks. International Journal of Computer Network and Information Security, 3(1),
[Hu, Z., Mukhin, V., Loutskii, H., & Kornaga, Y. (2016). Stochastic RA-Network for the Nodes Functioning
Analysis in the Distributed Computer Systems. International Journal of Computer Network & Information
Kodada, B. B., Prasad, G., & Pais, A. R. (2012). Protection against DDoS and data modification attack in
computational grid cluster environment. International Journal of Computer Network and Information Security,
Aleph One. Smashing the stack for fun and profit.Phrack Magazine, 49(7), Nov. 1996.
Tim Newsham. Format String Attacks.http://muse.linuxmafia.org/lost+found/format-string-attacks.pdf
CERT Security Advisories. http://www.cert.org/advisories/
United States Computer Emergency Readiness Team.Technical Cyber Security Alerts,
Microsoft Security Bulletin, http://www.microsoft.com/technet/security/
Cole Schlesinger, Karthik Pattabiramanz, Nikhil Swamy, David Walker, Benjamin Zorn. 2011 24th Computer
Security Foundations Symposium. Modular Protections against Non-control Data Attacks.
Jedidiah R. Crandall and Frederic T. Chong, University of California at Davis Computer Science Department,
Minos: Control Data Attack Prevention Orthogonal to Memory Model.
Dhakar, M., & Tiwari, A. (2013). A New Model for Intrusion Detection based on Reduced Error Pruning
Technique. International Journal of Computer Network and Information Security, 5(11), 51.
Kuperman, B. A., Brodley, C. E., Ozdoganoglu, H., Vijaykumar, T. N., & Jalote, A. (2005). Detection and
prevention of stack buffer overflow attacks. Communications of the ACM, 48(11), 50-56.
A. Baratloo, T. Tsai, and N. Singh, Transparent run-rime defense against stack smashing attacks, In
Proceedings of USENIX Annual Technical Conference, June 2000.
C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf
format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington,
Melese, S. Z., & Avadhani, P. S. (2016). Honeypot System for Attacks on SSH Protocol. International Journal
of Computer Network and Information Security (IJCNIS), 8(9), 19.
The Apache Software Foundation. http://www.apache.org/
Null HTTPd Remote Heap Overflow Vulnerability.http://www.securityfocus.com/bid/5774 and
Ghttpd Log() Function Buffer Overflow Vulnerability.http://www.securityfocus.com/bid/5960
C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting pointers from buffer overflow
vulnerabilities. In Proceedings of the 12th USENIX Security Symposium. Washington, DC, August 2003.
PaX Address Space Layout Randomization (ASLR).http://pax.grsecurity.net/docs/aslr.txt
Modification Data Attack Inside Computer Systems: A Critical Review (Vahid Kaviani J)
APTIKOM J. CSIT ISSN: 2528-2417 ? 60
H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, and B.Miller. Formalizing sensitivity in static analysis for
intrusion detection. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, May 2004.
Wilander, J., & Kamkar, M. (2003, February). A Comparison of Publicly Available Tools for Dynamic Buffer
Overflow Prevention. In NDSS (Vol. 3, pp. 149-162).
H. Feng, O. Kolesnikov, P. Fogla, W. Lee and W. Gong.Anomaly detection using call stack information. In
Proceedings of the 2003 IEEE Symposium on Security and Privacy, May 2003.
J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. To appear
in Proceedings of the 37th International Symposium on Microarchitecture.Portland,OR. December 2004
A. Smirnov and T. Chiueh. DIRA: Automatic detection, identification and repair of control-data attacks. In
Proceedings of the 12th Network and Distributed System Security Symposium (NDSS), San Diego, CA,
February 3-4, 2005.
Sann, Z., Soe, T. thi, Knin, K. W. M., & Win, Z. M. (2020). Performance Comparison of Asymmetric
Cryptography (Case Study-mail Message). APTIKOM Journal on Computer Science and Information
Technologies, 4(3), 105-111. https://doi.org/10.34306/csit.v4i3.98
G. Suh, J. Lee, and S. Devadas. Secure program execution via dynamic information flow tracking. In
Proceedings of the 11th International Conference on Architectural Support for Programming Languages and
Operating Systems. Boston, MA. October 2004.
S. Andersen and V. Abella. Data Execution Prevention. Changes to Functionality in Microsoft Windows XP
Service Pack 2, Part 3: Memory Protection Technologies.
Hu, H., Chua, Z.L., Adrian, S., Saxena, P., Liang, Z.: Automatic generation of Data-Oriented Exploits. In:
Proceedings of the USENIX Security Symposium (2015)
Barford, P., Kline, J., Plonka, D., & Ron, A. (2002, November). A signal analysis of network traffic anomalies.
In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (pp. 71-82). ACM.
O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual
Network and Distributed System Security Symposium, pages 159–169, February 2004.
T.Jim,G.Morrisett,D.Grossman,M.Hicks,J.Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings
of USENIX Annual Technical Conference.Monterey, CA, June 2002.
Jang, D., Tatlock, Z., & Lerner, S. (2014, February). SafeDispatch: Securing C++ Virtual Calls from Memory
Corruption Attacks. In NDSS.
Febriyanto, E., Naufal, R. S., & budiarty, frizca. (2019). Attitude Competency Assessment in the 2013
curriculum based on elementary school Prototyping methods. IAIC Transactions on Sustainable Digital
Innovation (ITSDI), 1(1), 87-96. https://doi.org/10.34306/itsdi.v1i1.6
Yusup, M., Cahvadi, D., Febriyanto, E., & Budiarty, F. (2020, October). The Impact of Socio-Economic in
Digital Signature Using Blockchain Application. In 2020 8th International Conference on Cyber and IT Service
Management (CITSM) (pp. 1-6). IEEE.
Lukita, C., Magdalena, L., Rahardja, U., Pranata, S., & Budiarty, F. (2020). LEDGER MANAGEMENT
INFORMATION SYSTEM FOR NATIONAL SPORT COMMITTEE OF INDONESIA. PalArch's Journal of
Archaeology of Egypt/Egyptology, 17(6), 322-338.
Febriyanto, E., & Naufal, R. S. (2019). Attitude Competency Assessment in the 2013 Curriculum Based On
Elementary School Prototyping Methods. IAIC Transactions on Sustainable Digital Innovation, 1(1), 87-96.