1. State Key Laboratory of Information Security (Graduate School of the Chinese Academy of Sciences), Beijing 100049, China;
2. National Computer Network Intrusion Protection Center, Graduate School of the Chinese Academy of Sciences, Beijing 100049, China
[1] National Institut e of Standards and Technology. ICAT Metabase. http:PPicat. nist. govP[2] SANS Inst itute. The tw enty most critical internet security vulnerabilit ies. ht tp:PPwww. sans. orgPtop20P[3] Cowan C, Wagle P, Pu C, et al. Buffer overflows: attacks and defenses for the vulnerability of the decade. DARPA information survivabilityconference and exposition. DISCEX. 00. Proceedings, 2000, 2: 119~ 129[4] Conover M. w00w00 Security Team, w00w00 on heap overflows. http:PPwww. w00w00. orgPf ilesParticlesPheaptut. txt[5] Aleph One. Smashing the stack for fun and profit. Phrack, 1996, 7( 49) ht tp:PPwww. phrack. orgPshow. php? p= 49&a= 14[6] Wilander J. Security intrusions and intrusion prevention: [Mast er thesis]. Sweden: Linkê pings Universitet,Department of Computer and Informat ionScience. www. ida. liu. seP~ johw iP[7] Zhang XM. Sel-f manage data buff er memory-deliver code eff iciency, simplicity, portability, and security. http:PPwww-106. ibm. comPdeveloperworksPwebPlibraryPwa-memmng[8] Robert O. Calife: how to become root w ith one. s own password. http:PPmut t. frmug. orgPcalifeP[9] National Institut e of Standards and Technology. ICAT Metabase. http:PPicat. nist. govPicat. cfm?cvename= CAN-2004-0188[10] McGraw G, Viega J. Make your software behave: preventing buffer overflows.http:PPwww900.ibm.comPdeveloperWorksPcnPsecurityPbufferdefendPindexeng. shtml