A Taxonomy of Buffer Overflow Preconditions

Recent work on vulnerabilities has focused on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the end of the array, causing variables and state information to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a non-secure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon preconditions, or conditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.

[1]  H. Spiifford,et al.  Crisis and Aftermath , 1999 .

[2]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[3]  Jon A. Rochlis,et al.  With microscope and tweezers: an analysis of the Internet virus of November 1988 , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[4]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[5]  Yi He,et al.  Defending embedded systems against buffer overflow via hardware/software , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[6]  Dennis Hollingworth,et al.  Protection Analysis: Final Report , 1978 .

[7]  Kyung-Suk Lhee,et al.  Buffer overflow and format string overflow vulnerabilities , 2003, Softw. Pract. Exp..

[8]  Jun Xu,et al.  Architecture Support for Defending Against Buffer Overflow Attacks , 2002 .

[9]  Carla E. Brodley,et al.  SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address , 2006, IEEE Transactions on Computers.

[10]  A. One,et al.  Smashing The Stack For Fun And Profit , 1996 .

[11]  Olatunji Ruwase,et al.  A Practical Dynamic Buffer Overflow Detector , 2004, NDSS.

[12]  John Johansen,et al.  PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[13]  Carl E. Landwehr,et al.  A taxonomy of computer program security flaws , 1993, CSUR.

[14]  R. P. Abbott,et al.  Security Analysis and Enhancements of Computer Operating Systems , 1976 .

[15]  Donn Seeley,et al.  A Tour of the Worm , 1988 .

[16]  Vitaly Osipov,et al.  Format String Attacks , 2005 .

[17]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[18]  David A. Wagner,et al.  A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.

[19]  Matt Bishop,et al.  Testing C Programs for Buffer Overflow Vulnerabilities , 2003, NDSS.