15 is unfortunate because we nowadays have technology in place to |
15 is unfortunate because we nowadays have technology in place to |
16 prevent them effectively. But these kind of attacks are still |
16 prevent them effectively. But these kind of attacks are still |
17 very relevant even today since there are many legacy systems |
17 very relevant even today since there are many legacy systems |
18 out there and also many modern embedded systems often do not |
18 out there and also many modern embedded systems often do not |
19 take any precautions to prevent such attacks. The plot below shows |
19 take any precautions to prevent such attacks. The plot below shows |
20 the percentage of buffer overflow attacks w.r.t.~all attacks. |
20 the percentage of buffer overflow attacks listed in the US National |
21 The data is taken from the US National Vulnerability Database. |
21 Vulnerability Database.\footnote{Search for ``Buffer errors'' at |
|
22 \url{http://web.nvd.nist.gov/view/vuln/statistics}.} |
22 |
23 |
23 \begin{center} |
24 \begin{center} |
24 \begin{tikzpicture} |
25 \begin{tikzpicture} |
25 \begin{axis}[ |
26 \begin{axis}[ |
26 xlabel={year}, |
27 xlabel={year}, |
27 ylabel={\% of total attacks}, |
28 ylabel={\% of total attacks}, |
|
29 ylabel style={yshift=-1em}, |
28 enlargelimits=false, |
30 enlargelimits=false, |
29 xtick={1997,1999,...,2014}, |
31 xtick={1997,1998,2000,...,2014}, |
|
32 xmin=1996.5, |
30 xmax=2015, |
33 xmax=2015, |
31 ymax=20, |
34 ymax=21, |
32 ytick={0,2,...,20}, |
35 ytick={0,2,...,20}, |
33 scaled ticks=false, |
36 scaled ticks=false, |
34 axis lines=left, |
37 axis lines=left, |
35 width=9cm, |
38 width=12cm, |
36 height=5cm, |
39 height=5cm, |
37 ybar, |
40 ybar, |
38 x tick label style={font=\footnotesize}] |
41 nodes near coords= |
|
42 {\footnotesize |
|
43 $\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$}, |
|
44 x tick label style={font=\footnotesize,/pgf/number format/1000 sep={}}] |
39 \addplot |
45 \addplot |
40 table [x=Year,y=Percentage] {bufferoverflows.data}; |
46 table [x=Year,y=Percentage] {bufferoverflows.data}; |
41 \end{axis} |
47 \end{axis} |
42 \end{tikzpicture} |
48 \end{tikzpicture} |
43 \end{center} |
49 \end{center} |
|
50 |
|
51 \noindent |
|
52 This statistics seems to indicate that in the last five years the |
|
53 number of buffer overflow attacks is around 10\% of all attacks |
|
54 (whereby the absolute numbers of attacks seem to grow each year). |
44 |
55 |
45 |
56 |
46 To understand how buffer overflow attacks work, we have to have |
57 To understand how buffer overflow attacks work, we have to have |
47 a look at how computers work ``under the hood'' (on the |
58 a look at how computers work ``under the hood'' (on the |
48 machine level) and also understand some aspects of the C/C++ |
59 machine level) and also understand some aspects of the C/C++ |