Abstract
The problem of buffer overruns, i.e., writing past the end of an array, in C programs has been known since the early seventies as one of the possible consequences of the C language data integrity philosophy. Since the late eighties, when computer security incidents started affecting the Internet, it has been clear that buffer overruns are a powerful threat to system security as they allow ordinary users to gain superuser privileges on Unix systems. Nowadays, buffer overruns are one of the most popular exploits in the hacker scene.
In this paper we present a tool for the automatic detection of buffer overrun vulnerabilities in object code. It can be applied to operating system components as well as ordinary programs. The tool is aimed at helping system administrators eliminate vulnerable programs before they are exploited. A fully working prototype for HP-UX and Linux systems is currently available. Extensions are planned for other Unix versions.
© 1998 Springer-Verlag Berlin Heidelberg
Cite this paper
Bruschi, D., Rosti, E., Banfi, R. (1998). A tool for pro-active defense against the buffer overrun attack. In: Quisquater, JJ., Deswarte, Y., Meadows, C., Gollmann, D. (eds) Computer Security — ESORICS 98. ESORICS 1998. Lecture Notes in Computer Science, vol 1485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055853
DOI: https://doi.org/10.1007/BFb0055853
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65004-1
Online ISBN: 978-3-540-49784-4
eBook Packages: Springer Book Archive