Driving Home the Buffer Overflow Problem : A Training Module for Programmers and Managers

Repeatedly, news headlines read: "Buffer overflow in vendor's product allows intruders to take over computer!" This widespread programming mistake is easy to make, exacerbated by the ubiquitous C language, and very simple to exploit. We describe a demonstration (a Java applet) appropriate for a traditional programming course to drive home key points: why buffer overflows occur, how overflows open the door to attackers, and why certain defense mechanisms should be used. The module is in its early stages of experimental use, with a formative evaluation to determine how well the module works and opportunities for its improvement.
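As an added illustration of the defect the module is built around (example code written for this page, not part of the paper or its applet): the unchecked copy into a fixed-size C buffer, shown only in a comment, beside a bounded copy that refuses to overrun the buffer, plus a helper that reports how far an unchecked copy of a given input would run past the buffer's end. NAME_CAP, copy_bounded, overrun_bytes and the sample inputs are names and values chosen here.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed-size stack buffer used in the classic overflow case. */
#define NAME_CAP 16

/* The defect, shown but never executed here:
 *
 *     char name[NAME_CAP];
 *     strcpy(name, input);   // copies until the input's NUL, ignoring NAME_CAP
 *
 * Any input of NAME_CAP bytes or more runs past 'name' and overwrites whatever
 * the compiler placed after it on the stack; since the input's author decides
 * its length and content, the author decides what gets overwritten. */

/* Bounded replacement: copies 'input' into 'dest' (capacity 'cap'), always
 * NUL-terminates, and returns false if the input had to be truncated. */
bool copy_bounded(char *dest, size_t cap, const char *input) {
    size_t len = strlen(input);
    if (cap == 0) return false;
    if (len >= cap) {                 /* input plus its NUL would not fit */
        memcpy(dest, input, cap - 1);
        dest[cap - 1] = '\0';
        return false;
    }
    memcpy(dest, input, len + 1);     /* fits, including the terminating NUL */
    return true;
}

/* Number of bytes an unchecked strcpy() of 'input' into a 'cap'-byte buffer
 * would write past its end (0 when the input fits). */
size_t overrun_bytes(size_t cap, const char *input) {
    size_t needed = strlen(input) + 1;   /* count the terminating NUL */
    return needed > cap ? needed - cap : 0;
}

int main(void) {
    char name[NAME_CAP];
    /* Constructed inputs: one short name and one 32-byte run of 'A's. */
    const char *inputs[] = { "Ada", "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++) {
        bool fit = copy_bounded(name, sizeof name, inputs[i]);
        printf("input of %zu bytes: fit=%d stored=\"%s\" overrun_if_unchecked=%zu\n",
               strlen(inputs[i]), fit, name, overrun_bytes(sizeof name, inputs[i]));
    }
    return 0;
}
```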