Check out the new USENIX Web site. next up previous
Next: Introduction Up: Type-Assisted Dynamic Buffer Overflow Previous: Type-Assisted Dynamic Buffer Overflow

Abstract

Programs written in C are inherently vulnerable to buffer overflow attacks. Functions are frequently passed pointers as parameters without any hint of their sizes. Since their sizes are unknown, most run time buffer overflow detection techniques instead rely on signatures of known attacks or loosely estimate the range of the referenced buffers. Although they are effective in detecting most attacks, they are not infallible. In this paper we present a buffer overflow detection technique that range checks the referenced buffers at run time. Our solution is a small extension to a generic C compiler that augments executable files with type information of automatic buffers (local variables and parameters of functions) and static buffers (global variables in data / bss section) in order to detect the actual occurrence of buffer overflow. It also maintains the sizes of allocated heap buffers. A simple implementation is described, with which we currently protect vulnerable copy functions in the C library.