RAD: a compile-time solution to buffer overflow attacks

Buffer overflow attack can inflict upon almost arbitrary programs and is one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. This paper presents a compiler-based solution to the notorious buffer overflow attack problem. Using this...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:21st International Conference on Distributed Computing Systems (ICDCS 2001) s. 409 - 417
Hlavní autoři: Tzi-Cker Chiueh, Fu-Hau Hsu
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 2001
Témata:
Binary codes
Buffer overflow
Computer networks
Computer security
Libraries
Measurement
Program processors
Protection
Prototypes
Taxonomy
ISBN:0769510779, 9780769510774
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Buffer overflow attack can inflict upon almost arbitrary programs and is one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. This paper presents a compiler-based solution to the notorious buffer overflow attack problem. Using this solution, users can prevent attackers from compromising their systems by changing the return address to execute injected code, which is the most common method used in buffer overflow attacks. Return address defender (RAD) is a simple compiler patch that automatically creates a safe area to store a copy of return addresses and automatically adds protection code into applications that it compiles to defend programs against buffer overflow attacks. Using it to protect a program does not need to modify the source code of the protected programs. Moreover, RAD does not change the layout of stack frames, so binary code it generated is compatible with existing libraries and other object files. Empirical performance measurements on a fully operational RAD prototype show that programs protected by RAD only experience a factor of between 1.01 to 1.31 slow-down. In this paper we present the principle of buffer overflow attacks, a taxonomy of defense methods, the implementation details of RAD, and the performance analysis of the RAD prototype.
ISBN:0769510779
9780769510774
DOI:10.1109/ICDSC.2001.918971