A Practical Dynamic Buffer Overflow Detector

Olatunji Ruwase
Transmeta Corporation
3990 Freedom Circle
Santa Clara, CA 95054
firstname.lastname@example.org

Monica S. Lam
Computer Systems Laboratory
Stanford University
Stanford, CA 94305
email@example.com

Abstract

Despite previous efforts in auditing software manually and automatically, buffer overruns are still being discovered in programs in use. A dynamic bounds checker detects buffer overruns in erroneous software before they occur and thereby prevents attacks from corrupting the integrity of the system.

Dynamic buffer overrun detectors have not been adopted widely because they either (1) cannot guard against all buffer overrun attacks, (2) break existing code, or (3) incur too high an overhead. This paper presents a practical detector called CRED (C Range Error Detector) that avoids each of these deficiencies. CRED finds all buffer overrun attacks as it directly checks for the bounds of memory accesses. Unlike the original referent-object based bounds-checking technique, CRED does not break existing code because it uses a novel solution to support program manipulation of out-of-bounds addresses. Finally, by restricting the bounds checks to strings in a program, CRED's overhead is greatly reduced without sacrificing protection in the experiments we performed.

CRED is implemented as an extension of the GNU C compiler version 3.3.1. The simplicity of our design makes possible a robust implementation that has been tested on over 20 open-source programs, comprising over 1.2 million lines of C code. CRED proved effective in detecting buffer overrun attacks on programs with known vulnerabilities, and is the only tool found to guard against a testbed of 20 different buffer overflow attacks. Finding overruns only on strings imposes an overhead of less than 26% for 14 of the programs, and an overhead of up to 130% for the remaining six, while the previous state-of-the-art bounds checker by Jones and Kelly breaks 60% of the programs and is 12 times slower. Incorporating well-known techniques for optimizing bounds checking into CRED could lead to further performance improvements.

This research was performed while the first author was at Stanford University, and this material is based upon work supported in part by the National Science Foundation under Grant No. 0086160.

1. Introduction

Buffer overflows are the most common form of security threat in software systems today, and vulnerabilities attributed to buffer overflows have consistently dominated CERT advisories. In the year 2002, 57% of security advisories for the year were related to buffer overflow vulnerabilities. As of August 2003, 50% of the security advisories issued for the year fell under this category. In addition, 50% of the 60 most severe vulnerabilities as posted on CERT/CC were caused by buffer overflow errors in programs. A similar pattern is also observable in vulnerability listings posted on computer security websites,...
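The abstract's point that a checker can break existing code by rejecting out-of-bounds addresses, rather than out-of-bounds accesses, is illustrated by the following added example. It is a simplified model written for this page, not CRED's implementation (the preview does not describe CRED's mechanism); all names are hypothetical, and addresses are modeled as integers so that out-of-range arithmetic stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample buffer: 7 characters plus the terminating NUL. */
static const char buf[8] = "abcdefg";

/* Hypothetical bookkeeping: the object (referent) an address was derived from. */
typedef struct { uintptr_t base; size_t size; } referent_t;
typedef struct { referent_t ref; uintptr_t addr; } tracked_ptr;

static tracked_ptr track(const char *p, size_t size) {
    tracked_ptr t = { { (uintptr_t)p, size }, (uintptr_t)p };
    return t;
}

/* Policy A: check at arithmetic time. Any result beyond one-past-the-end
 * is rejected, even if the program never reads through it. */
static int strict_add(tracked_ptr *p, ptrdiff_t delta) {
    uintptr_t next = p->addr + (uintptr_t)delta;
    if (next - p->ref.base > p->ref.size) return -1; /* also catches next < base */
    p->addr = next;
    return 0;
}

/* Policy B: arithmetic is unrestricted, but the referent is remembered. */
static void lazy_add(tracked_ptr *p, ptrdiff_t delta) { p->addr += (uintptr_t)delta; }

/* The access itself is checked against the referent's bounds. */
static int checked_load(const tracked_ptr *p, char *out) {
    if (p->addr - p->ref.base >= p->ref.size) return -1;
    *out = *(const char *)p->addr;
    return 0;
}

/* Move `out` bytes, then `back` bytes, then read one character.
 * Return 0 and store the character, or -1 if the policy objects. */
int walk_strict(ptrdiff_t out, ptrdiff_t back, char *c) {
    tracked_ptr p = track(buf, sizeof buf);
    if (strict_add(&p, out) || strict_add(&p, back)) return -1;
    return checked_load(&p, c);
}

int walk_lazy(ptrdiff_t out, ptrdiff_t back, char *c) {
    tracked_ptr p = track(buf, sizeof buf);
    lazy_add(&p, out); lazy_add(&p, back);
    return checked_load(&p, c);
}

int main(void) { char c; return walk_lazy(12, -10, &c); }
```

Stepping 12 bytes out and 10 back ends on a valid address: the arithmetic-time policy reports an error for code that never reads out of bounds, while the access-time policy allows it and still rejects a read at offset 12.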
This note was uploaded on 05/14/2008 for the course CS 503 taught by Professor Kihongpark during the Spring '07 term at Purdue University-West Lafayette.
- Spring '07
- Operating Systems