Using program transformation to secure C programs against buffer overflows

Buffer overflows are the most common source of security vulnerabilities in C programs. This class of vulnerability, found in both legacy and modern software, costs the software industry hundreds of millions of dollars per year. The most common type of buffer overflow is the run-time stack overflow. It is common because programmers often use stack-allocated arrays, which lets an attacker change a program's control flow by writing beyond the boundary of an array onto a return address on the run-time stack. If the arrays are repositioned to the heap at compile time, these return-address overwrites no longer succeed, because the array is no longer adjacent to the saved return address. Furthermore, repositioning buffers to the heap should perturb the heap layout enough to prevent many heap overflows as well. We have created a tool called Gemini that repositions stack-allocated arrays at compile time using TXL. The transformation preserves the semantics of the program with a small performance penalty. This paper discusses the semantics-preserving transformation of stack-allocated arrays into heap-allocated "pointers to arrays". A program that is amenable to a buffer overflow attack and several Linux programs are used as examples to demonstrate the effectiveness and overhead of our technique.
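The rewrite the abstract describes, written out by hand as an added illustration (this is not Gemini's output or code from the paper): a stack-allocated `char buf[64]` becomes a heap-allocated pointer to an array of the same type and size, `sizeof buf` becomes `sizeof *buf`, every use of `buf` becomes `(*buf)`, and the storage is freed on every exit path so observable behaviour is unchanged. The function names and the bounds check are assumptions made so the example runs safely; the programs the paper targets omit such a check, which is exactly why the array's position matters.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 64

/* BEFORE: the array lives in the stack frame. Without the check below,
   a copy longer than BUF_LEN-1 bytes would run past buf into the saved
   frame pointer and return address. (Hypothetical function name.) */
int format_stack(const char *name, char *out, size_t outlen)
{
    char buf[BUF_LEN];

    if (strlen(name) >= sizeof buf)      /* assumption: check added for safety */
        return -1;
    strcpy(buf, name);
    return snprintf(out, outlen, "user=%s len=%zu", buf, sizeof buf);
}

/* AFTER: the same declaration moved to the heap as a pointer to an array.
   sizeof *buf is still BUF_LEN, (*buf) still decays to char* where the
   original buf did, and the block is released on each return path.
   An overrun now corrupts heap memory, not this frame's return address. */
int format_heap(const char *name, char *out, size_t outlen)
{
    char (*buf)[BUF_LEN] = malloc(sizeof *buf);
    int rc;

    if (buf == NULL)
        return -1;
    if (strlen(name) >= sizeof *buf) {   /* same check, rewritten for *buf */
        free(buf);
        return -1;
    }
    strcpy(*buf, name);
    rc = snprintf(out, outlen, "user=%s len=%zu", *buf, sizeof *buf);
    free(buf);
    return rc;
}

/* Semantics check: returns 1 if both versions agree on the given input. */
int same_result(const char *name)
{
    char a[128], b[128];
    int ra = format_stack(name, a, sizeof a);
    int rb = format_heap(name, b, sizeof b);
    return ra == rb && (ra < 0 || strcmp(a, b) == 0);
}

int main(void)
{
    /* constructed sample inputs, including one that is too long */
    const char *inputs[] = { "alice", "", "x",
        "0123456789012345678901234567890123456789012345678901234567890123456789" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-10.10s -> %s\n", inputs[i],
               same_result(inputs[i]) ? "same" : "DIFFERENT");
    return 0;
}
```

Note what the rewrite has to preserve beyond the declaration: every `sizeof buf` must become `sizeof *buf` (otherwise it silently shrinks to the size of a pointer), and a `free` must be placed on each exit path, including early returns, or the transformed program leaks on paths the original did not. The small performance penalty the abstract mentions is the `malloc`/`free` pair per call.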
