Abstract: A general model of buffer overflow based attacks is described by unified modeling language. The analysis and comparison of the existing representative methods and apparatuses of defense and recovery against buffer overflow attacks are presented, including analyzing their vulnerabilities and possible means to bypass them. Highlighting the state-of-art challenging issues for facing the tradeoff of security and performance efficiency, and the continuing evolution of attach techniques, it is pointed out that security programming is the key to solve buffer overflow problems. Finally, some technical trends are given.