Conference proceeding
Using program transformation to secure C programs against buffer overflows
10TH WORKING CONFERENCE ON REVERSE ENGINEERING, PROCEEDINGS, Vol.2003-, pp.323-332
01 Jan 2003
Abstract
Buffer overflows are the most common source of security vulnerabilities in C programs. This class of vulnerability, which is found in both legacy and modern software, costs the software industry hundreds of millions of dollars per year
The most common type of buffer overflow is the run-time stack overflow. It is common because programmers often use stack allocated arrays. This enables the attacker to change a program's control flow by writing beyond the boundary of an array onto a return address on the run-time stack. If the arrays are repositioned to the heap at compile time, none of these attacks succeed. Furthermore, repositioning buffers to the heap should perturb the heap memory enough to prevent many heap overflows as well.
We have created a tool called Gemini that repositions stack allocated arrays at compile time using TXL. The transformation preserves the semantics of the program with a small performance penalty. This paper discusses the semantics-preserving transformation of stack allocated arrays to heap allocated "pointers to arrays". A program that is amenable to a buffer overflow attack and several Linux programs are used as examples to demonstrate the effectiveness and overhead of our technique.
Metrics
4 Record Views
Details
- Title
- Using program transformation to secure C programs against buffer overflows
- Creators
- C Dahn - Drexel UniversityS Mancoridis - Drexel UniversityIEEE COMPUTER SOCIETY
- Publication Details
- 10TH WORKING CONFERENCE ON REVERSE ENGINEERING, PROCEEDINGS, Vol.2003-, pp.323-332
- Publisher
- IEEE
- Number of pages
- 10
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Identifiers
- 991019167663704721
UN Sustainable Development Goals (SDGs)
This output has contributed to the advancement of the following goals:
Source: InCites
InCites Highlights
These are selected metrics from InCites Benchmarking & Analytics tool, related to this output
- Web of Science research areas
- Computer Science, Software Engineering