Title :
Enhancing security using legality assertions
Author :
Wang, Lei ; Cordy, James R. ; Dean, Thomas R.
Author_Institution :
Sch. of Comput., Queen's Univ., Kingston, Ont., Canada
Abstract :
Buffer overflows have been the most common form of security vulnerability in the past decade. A number of techniques have been proposed to address such attacks. Some are limited to protecting the return address on the stack; others are more general, but have undesirable properties such as large overhead and false warnings. The approach described in this paper uses legality assertions, source code assertions inserted before each subscript and pointer dereference that explicitly check that the referencing expression actually specifies a location within the array or object pointed to at run time. A transformation system is developed to analyze a program and annotate it with appropriate assertions automatically. This approach detects buffer vulnerabilities in both stack and heap memory as well as potential buffer overflows in library functions. Runtime checking using automatically inferred assertions considerably enhances the accuracy and efficiency of buffer overflow detection. A number of example buffer overflow-exploiting C programs are used to demonstrate the effectiveness of this approach.
Keywords :
C language; buffer storage; data flow analysis; file organisation; security of data; software libraries; buffer overflow-exploiting C programs; buffer overflows detection; buffer vulnerabilities; heap memory; legality assertions; library functions; pointer dereference; program analysis; runtime checking; security vulnerability; source code assertions; stack memory; subscript dereference; transformation system; Assembly systems; Buffer overflow; Computer languages; Libraries; Potential well; Programming profession; Protection; Reverse engineering; Runtime; Security;
Conference_Title :
Reverse Engineering, 12th Working Conference on
Print_ISBN :
0-7695-2474-5
DOI :
10.1109/WCRE.2005.36