Chapter 11  Software Flaws and Malware

Buffer overflow:  Input length is greater than the length of buffer.  The information in the buffer gets overwritten.  A canary tells when the buffer is full if it the canary value is overwritten.

Race conditions:  Security processes should be atomic (occur at the same time all of them).  Since they are not Trudy can get inbetween the processes like mkdir in Unix and get access to the directories made.

Incomplete mediation:  The input length of data is longer than the buffer length, this creates an error with this name.

How to detect malware:

bulletSignature
bulletChange detection
bulletAnomaly Detection