论文信息 - Kimchi: A Binary Rewriting Defense Against Format String Attacks

Kimchi: A Binary Rewriting Defense Against Format String Attacks

We propose a binary rewriting system called Kimchi that modifies binary programs to protect them from format string attacks in runtime. Kimchi replaces the machine code calling conventional printf with code calling a safer version of printf, safe_printf, that prevents its format string from accessing arguments exceeding the stack frame of the parent function. With the proposed static analysis and binary rewriting method, it can protect binary programs even if they do not use the frame pointer register or link the printf code statically. In addition, it reduces the performance overhead of the patched program by not modifying the calls to printf with the format string argument located in the read-only memory segment, which are not vulnerable to the format string attack.

[1] Kyung-Suk Lhee,et al. Buffer overflow and format string overflow vulnerabilities , 2003, Softw. Pract. Exp..

[2] George C. Necula,et al. CCured: type-safe retrofitting of legacy code , 2002, POPL '02.

[3] G. Ramalingam,et al. The undecidability of aliasing , 1994, TOPL.

[4] Navjot Singh,et al. Libsafe 2.0: Detection of Format String Vulnerability Exploits , 2003 .

[5] Tzi-cker Chiueh,et al. A Binary Rewriting Defense Against Stack based Buffer Overflow Attacks , 2003, USENIX Annual Technical Conference, General Track.

[6] David A. Wagner,et al. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[7] William Landi,et al. Undecidability of static analysis , 1992, LOPL.

[8] Gary A. Kildall,et al. A unified approach to global program optimization , 1973, POPL.

[9] Alfred V. Aho,et al. Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[10] Mike Emmerik. Signatures for Library Functions in Executable Files , 1994 .

[11] Crispin Cowan,et al. FormatGuard: Automatic Protection From printf Format String Vulnerabilities , 2001, USENIX Security Symposium.

[12] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.