Logo image
Back
Using program transformation to secure C programs against buffer overflows
Conference proceeding

Using program transformation to secure C programs against buffer overflows

C Dahn, S Mancoridis and IEEE COMPUTER SOCIETY
10TH WORKING CONFERENCE ON REVERSE ENGINEERING, PROCEEDINGS, v 2003-, pp 323-332
01 Jan 2003
DOI: https://doi.org/10.1109/WCRE.2003.1287263

Abstract

Computer Science Computer Science, Software Engineering Science & Technology Technology
Buffer overflows are the most common source of security vulnerabilities in C programs. This class of vulnerability, which is found in both legacy and modern software, costs the software industry hundreds of millions of dollars per year The most common type of buffer overflow is the run-time stack overflow. It is common because programmers often use stack allocated arrays. This enables the attacker to change a program's control flow by writing beyond the boundary of an array onto a return address on the run-time stack. If the arrays are repositioned to the heap at compile time, none of these attacks succeed. Furthermore, repositioning buffers to the heap should perturb the heap memory enough to prevent many heap overflows as well. We have created a tool called Gemini that repositions stack allocated arrays at compile time using TXL. The transformation preserves the semantics of the program with a small performance penalty. This paper discusses the semantics-preserving transformation of stack allocated arrays to heap allocated "pointers to arrays". A program that is amenable to a buffer overflow attack and several Linux programs are used as examples to demonstrate the effectiveness and overhead of our technique.

Metrics

10 Record Views
12 citations in Web of Science
14 citations in Scopus

Details

InCites Highlights

Data related to this publication, from InCites Benchmarking & Analytics tool:

Web of Science research areas
Computer Science, Software Engineering
Logo image