A Hybrid Method of Defense against Buffer Overflow Attacks

A. Dasari and P. Dasgupta (USA)


Information Security, Software Security


Buffer Overflow Attacks that exploit memory overruns in a variety of ways have been the most effective and difficult to prevent, methods of compromising system security. The root cause for exploitation of these vulnerabilities is the lack of availability of allocated size information of buffers at runtime. Consequently no bound checking is done in standard C library functions that are the most common interfaces for buffer manipulation leaving most C programs vulnerable to buffer overflow attacks. Ensuring proper bound checking at these interfaces can help prevent buffer overflow attacks. Pure static approach to bounds checking does not work, as it is not possible to know the allocated size of dynamically allocated buffers at compile time. On the other hand, relying on pure dynamic approaches for collecting allocated size information incurs high runtime overhead. A hybrid approach that collects buffer bound information using static and dynamic methods and ensures enforcement of these boundaries at runtime can be very effective in preventing buffer overflows. Such a hybrid approach lowers the overhead of obtaining bound information while improving the accuracy of the information obtained. Tests on the implemented hybrid defense method promise efficient prevention and complete coverage of various buffer overflow attacks.

Important Links:

Go Back