The Dynamic Buffer Overflow Detection and Prevention Tool for Windows Executables Using Binary Rewriting

This paper presents a novel buffer overflow countermeasure tool for Windows portable executables that operates at run-time. Our tool dynamically detects and prevents stack-based buffer overflow attacks against Windows applications using a binary rewriting method. Our solution protects the return address area and the previous frame pointer area of each function's stack frame on the program stack, preventing the program control flow from being altered at execution time. To protect the return address and previous frame pointer, we use an additional stack memory area, called the safe-zone, that stores the original return address and previous frame pointer values. We have revised the function prologue and function epilogue. The revised function prologue stores copies of the return address and previous frame pointer values in our safe-zone, and the revised function epilogue overwrites the return address and previous frame pointer on the stack with those copies. The paper presents a performance analysis of our solution. The results show that the relative performance overhead is about 1.6-2.6% and the additional constant space overhead is about 25 Kbytes.
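The prologue/epilogue mechanism described in the abstract, as an added C model that is not the paper's tool or code. It assumes a 32-bit frame layout of local buffer, saved EBP and return address, models the frame as a struct rather than touching the real process stack, and uses placeholder addresses and a safe-zone depth chosen for the model. The revised prologue pushes the two control values into the safe-zone; the revised epilogue compares and then restores them, so an unchecked copy that reaches past the buffer is both reported and neutralised before the function returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a 32-bit x86 stack frame, lowest address first: a local buffer,
 * then the saved previous frame pointer (EBP), then the return address.
 * This struct is the model's assumption; the tool rewrites real frames. */
typedef struct {
    char     buf[16];
    uint32_t saved_ebp;
    uint32_t ret_addr;
} sim_frame_t;

/* One safe-zone entry: the prologue's copies of the two control values. */
typedef struct {
    uint32_t saved_ebp;
    uint32_t ret_addr;
} safe_entry_t;

/* Safe-zone depth is a value chosen for this model, not the paper's figure. */
#define SAFE_ZONE_DEPTH 64
static safe_entry_t safe_zone[SAFE_ZONE_DEPTH];
static int safe_top = 0;

/* Revised prologue: copy the frame's control values into the safe-zone. */
int sim_prologue(const sim_frame_t *f)
{
    if (safe_top >= SAFE_ZONE_DEPTH)
        return -1;                        /* safe-zone exhausted */
    safe_zone[safe_top].saved_ebp = f->saved_ebp;
    safe_zone[safe_top].ret_addr  = f->ret_addr;
    safe_top++;
    return 0;
}

/* Revised epilogue: overwrite the on-frame control values with the safe-zone
 * copies. Returns 1 if they had been altered (detection), 0 if intact,
 * -1 if the safe-zone is empty. */
int sim_epilogue(sim_frame_t *f)
{
    if (safe_top <= 0)
        return -1;
    safe_top--;
    const safe_entry_t *e = &safe_zone[safe_top];
    int tampered = (f->saved_ebp != e->saved_ebp) || (f->ret_addr != e->ret_addr);
    f->saved_ebp = e->saved_ebp;          /* restore regardless of tampering */
    f->ret_addr  = e->ret_addr;
    return tampered;
}

/* Model callee with an unchecked copy into its local buffer. The copy is
 * clamped to the model frame's size so it only ever writes inside the struct. */
int sim_call(const char *input, size_t len, uint32_t ret, uint32_t ebp,
             uint32_t *ret_out, uint32_t *ebp_out)
{
    sim_frame_t frame;
    memset(&frame, 0, sizeof frame);
    frame.saved_ebp = ebp;
    frame.ret_addr  = ret;

    if (sim_prologue(&frame) != 0)
        return -1;

    size_t n = len > sizeof frame ? sizeof frame : len;
    memcpy(&frame, input, n);             /* the unchecked copy */

    int tampered = sim_epilogue(&frame);
    *ret_out = frame.ret_addr;
    *ebp_out = frame.saved_ebp;
    return tampered;
}

/* Constructed inputs: a short string that fits the buffer, or a run of 'A'
 * long enough to reach the saved EBP and return address slots.
 * Returns 0 = clean, 1 = overwrite detected and control values restored,
 * 2 = control values not restored correctly, -1 = safe-zone error. */
int run_case(int overflow)
{
    const uint32_t ret = 0x00401000u;     /* placeholder return address */
    const uint32_t ebp = 0x0012ff80u;     /* placeholder frame pointer */
    char input[sizeof(sim_frame_t)];
    size_t len;

    if (overflow) {
        memset(input, 'A', sizeof input);
        len = sizeof input;
    } else {
        len = strlen("hello");
        memcpy(input, "hello", len);
    }

    uint32_t got_ret, got_ebp;
    int tampered = sim_call(input, len, ret, ebp, &got_ret, &got_ebp);
    if (tampered < 0)
        return -1;
    if (got_ret != ret || got_ebp != ebp)
        return 2;
    return tampered;
}

int main(void)
{
    printf("benign input  : %d\n", run_case(0));
    printf("overlong input: %d\n", run_case(1));
    return 0;
}
```

The model restores unconditionally rather than aborting, which matches the abstract's description of the epilogue overwriting the stack slots with the safe-zone copies; a deployment would also want to log the detection (the `tampered` flag) so operators learn that an overflow was attempted.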
