RAD: A Compile-Time Solution to Buffer Overflow Attacks
نویسندگان
چکیده
This paper presents a solution to the notorious buffer overflow attack problem. Using this solution, users can prevent attackers from compromising their systems by changing the return address to execute injected code, which is the most common method used in buffer overflow attacks. Buffer overflow attacks can occur in almost any kind of programs and is one of the most common vulnerabilities that can seriously compromise the security of a system. Usually the end result of such an attack is that the attacker gains the root privilege on the victim host. Return Address Defender (RAD) automatically creates a safe area to store a copy of return addresses to defend programs against buffer overflow attacks. It also automatically adds protection code into applications that it compiled. Using it to protect a program does not need to modify the source code of the program. Besides, RAD does not change the layout of stack frames, so binary code it generated is compatible with existing libraries and other object files. Programs protected by RAD only experience a 1.4x performance penalty in the worst case and will no longer be hijacked by return address attackers. Finally, when an attack is detected, RAD sends a real-time message and an email to the system administrator before it terminates the attacked program. This helps the administrator to detect the intrusion in real time and helps them catch the intruder on the spot. In this paper we present possible attack patterns of return address attacks, proposed defense methods, the implementation details of RAD, and the performance analysis of the RAD prototype.
منابع مشابه
DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks
Buffer overflow attacks are known to be the most common type of attacks that allow attackers to hijack a remote system by sending a specially crafted packet to a vulnerable network application running on it. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines the fact that a program is compromised and prevents the attack from fu...
متن کاملBuffer overflow and format string overflow vulnerabilities
Buffer overflow vulnerabilities are among the most widespread of security problems. Numerous incidents of buffer overflow attacks have been reported and many solutions have been proposed, but a solution that is both complete and highly practical is yet to be found. Another kind of vulnerability called format string overflow has recently been found, and though not as popular as buffer overflow, ...
متن کاملStackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vuln...
متن کاملType-Assisted Dynamic Buffer Overflow Detection
Programs written in C are inherently vulnerable to buffer overflow attacks. Functions are frequently passed pointers as parameters without any hint of their sizes. Since their sizes are unknown, most run time buffer overflow detection techniques instead rely on signatures of known attacks or loosely estimate the range of the referenced buffers. Although they are effective in detecting most atta...
متن کاملRetrospective Protection utilizing Binary Rewriting
Buffer overflow vulnerabilities present a common threat. To encounter this issue, operating system support and compile-time security hardening measures have been introduced. Unfortunately, these are not always part of the shipped object code. We present design and implementation of BinProtect, a binary rewriting tool, capable of retrospectively protecting binaries, which have not been sufficien...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2001