Analyzing Programs for Vulnerability to Bu er Overrun Attacks
نویسندگان
چکیده
This paper presents an approach for analyzing security-critical software for vulnerability to bu er overrun attacks. In practice, bu er overruns are a commonly exploited attack against security-critical software systems. Bu er overrun attacks are made possible by aws in designing and implementing software. This paper describes a software analysis tool that dynamically analyzes software source code to determine the potential to successfully overrun program bu ers in order to execute arbitrary system commands. The methodology employs software fault injection to insert malicious strings into potentially vulnerable bu ers during execution. If the bu er overrun attack is successful, arbitrary code can be executed at the whim of the attacker on the host system. Programs that are found to be vulnerable can be forti ed to prevent bu er overrun attacks from being successful in the eld. Three new algorithms for bu er overrun analysis are presented.
منابع مشابه
PASAN: Automatic Patch and Signature Generation for Bu er-Over ow Attacks
Control-hijacking attacks exploit vulnerabilities in programs to take control of the victim applications and eventually their underlying machines. Although much work has been done on detection and prevention of control-hijacking attacks, most of them did not support adequate post-attack response which should include attack signature and patch generation. Ideally, after a control-hijacking attac...
متن کاملAnalyzing String Buffers in C
A buffer overrun occurs in a C program when input is read into a buffer whose length exceeds that of the buffer. Overruns often lead to crashes and are a widespread form of security vulnerability. This paper describes an analysis for detecting overruns before deployment which is conservative in the sense that it locates every possible buffer overrun. The paper details the subtle relationship be...
متن کاملA Comparison of Publicly Available Tools for Static Intrusion Prevention?
The size and complexity of today's software systems is growing, increasing the number of bugs and thus the possibility of security vulnerabilities. Two common attacks against such vulnerabilities are bu er over ow and format string attacks. In this paper we implement a testbed of 44 function calls in C to empirically compare ve publicly available tools for static analysis aiming to stop these a...
متن کاملA Practical Dynamic Buffer Overflow Detector
Despite previous efforts in auditing software manually and automatically, buffer overruns are still being discovered in programs in use. A dynamic bounds checker detects buffer overruns in erroneous software before it occurs and thereby prevents attacks from corrupting the integrity of the system. Dynamic buffer overrun detectors have not been adopted widely because they either (1) cannot guard...
متن کاملOptimized Software Synthesis for DigitalSignal Processing
This paper addresses the problem of trading-o between the minimization of program and data memory requirements of single-processor implementations of data ow programs. Based on the formal model of synchronous data ow (SDF) graphs [LM87], so called single appearance schedules are known to be program-memory optimal. Among these schedules, bu er memory schedules are investigated and explored based...
متن کامل