Access Restriction

Author Rinard, Martin ♦ Cadar, Cristian ♦ Dumitran, Daniel ♦ Roy, Daniel M. ♦ Leu, Tudor
Source CiteSeerX
Content type Text
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Dynamic Check ♦ Programming Error ♦ Standard Way ♦ Buffer Overflow Attack ♦ Data Structure ♦ Net Effect ♦ Hash Table ♦ Web Site ♦ Security Vulnerability ♦ Generated Code ♦ Overflow Attack ♦ Dynamic Technique ♦ User Request ♦ Injected Code ♦ Memory Error ♦ Open Source Server ♦ Standard Compiler ♦ Address Space ♦ Buffer Overflow Vulnerability ♦ Bound Read ♦ Allocated Memory Block ♦ Bound Memory Access ♦ Bound Access ♦ Midnight Commander
Description Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the request beyond the bounds of the buffer, corrupting the address space of the program and causing the program to execute injected code contained in the request. We have implemented a compiler that inserts dynamic checks into the generated code to detect all out of bounds memory accesses. When it detects an out of bounds write, it stores the value away in a hash table to return as the value for corresponding out of bounds reads. The net effect is to (conceptually) give each allocated memory block unbounded size and to eliminate out of bounds accesses as a programming error. We have acquired several widely used open source servers (Apache, Sendmail, Pine, Mutt, and Midnight Commander). With standard compilers, all of these servers are vulnerable to buffer overflow attacks as documented at security tracking web sites. Our compiler eliminates these security vulnerabilities (as well as other memory errors). Our results show that our compiler enables the servers to execute successfully through buffer overflow attacks to continue to correctly service user requests without security vulnerabilities. 1.
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 2004-01-01
Publisher Institution In Proceedings of the 2004 Annual Computer Security Applications Conference