Certifying the Absence of Buffer Overflows

Abstract: Despite increased awareness and efforts to reduce buffer overflows, they continue to be the cause of most software vulnerabilities. In large part, these problems are due to the widespread use of unsafe library routines among programmers. For reasons of efficiency, such routines will continue to be used, even during the development of mission-critical and safety-critical software systems. Effective certification techniques are needed to ascertain whether unsafe routines are used in a safe manner. This report presents a technique for certifying the safety of buffer manipulations in C programs. The approach is based on two key ideas: (1) using a certifying model checker to automatically verify that a buffer manipulation is safe, and (2) validating the resulting invariant and proving it with a decision procedure based on Boolean satisfiability. The report also discusses the advantages and limitations of the approach with respect to today's existing solutions for buffer-overflow detection. Experimental results are presented that position the technique favorably against other static overflow-detection tools and indicate that the procedure can complement and augment these tools from a purely verification perspective.
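To make concrete what "certifying that a buffer manipulation is safe" means in C, the following is an added example (it is not code from the report, and the function names `bounded_copy`, `strcpy_is_safe` and `copy_with_certified_strcpy` are assumptions). It writes the safety property a certifying model checker would have to establish, namely that every write index stays below the buffer size, as explicit assertions, and it states the precondition under which the unsafe library routine `strcpy` is in fact used safely, so that the call is guarded by exactly the invariant a checker would emit and a decision procedure would validate.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Safety property for every write dst[i]: 0 <= i < dst_size.
   The assertions below spell out the loop invariant that a certifying
   model checker would have to prove; at run time they act as a check. */

/* Copies at most dst_size-1 bytes of src into dst and NUL-terminates.
   Returns the number of bytes copied, or -1 if dst_size is zero. */
long bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0)
        return -1;                      /* no room even for the terminator */
    size_t i = 0;
    while (src[i] != '\0' && i < dst_size - 1) {
        assert(i < dst_size);           /* loop invariant: write in bounds */
        dst[i] = src[i];
        i++;
    }
    assert(i < dst_size);               /* terminator write is in bounds too */
    dst[i] = '\0';
    return (long)i;
}

/* Precondition under which strcpy(dst, src) cannot overflow a buffer of
   dst_size bytes: strlen(src) + 1 <= dst_size. This is the kind of
   invariant the certifying approach would emit for an unsafe routine
   that is nevertheless used safely. */
int strcpy_is_safe(size_t dst_size, const char *src) {
    return strlen(src) < dst_size;
}

/* Calls the unsafe routine only when its precondition holds; otherwise
   falls back to the truncating copy. Returns 1 if strcpy was used. */
int copy_with_certified_strcpy(char *dst, size_t dst_size, const char *src) {
    if (strcpy_is_safe(dst_size, src)) {
        strcpy(dst, src);               /* safe: precondition established */
        return 1;
    }
    bounded_copy(dst, dst_size, src);   /* truncating fallback */
    return 0;
}

int main(void) {
    char buf[16];                       /* constructed sample buffer */
    /* Constructed inputs: one that fits and one that would overflow. */
    printf("copied %ld bytes: %s\n", bounded_copy(buf, sizeof buf, "hello"), buf);
    printf("strcpy used: %d\n", copy_with_certified_strcpy(buf, sizeof buf, "0123456789abcdefghij"));
    printf("result: %s\n", buf);
    return 0;
}
```

The point of separating `strcpy_is_safe` from the copy itself is that the guard is a pure function of lengths: it is the proposition a model checker proves about the program state at the call site, and a SAT-based decision procedure can validate such a proposition without re-running the checker.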
