TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection
#1

Abstract
Buffer overflow exploits make use of the treatment of strings in C as character arrays rather than first-class objects. The manipulation of arrays as pointers and primitive pointer arithmetic makes it possible for a program to access memory locations which it is not supposed to access. There have been many efforts in the past to overcome this vulnerability by performing array bounds checking in C. Most of these solutions are either inadequate, inefficient or incompatible with legacy code. In this report we present an efficient and transparent runtime approach for protection against all known forms of buffer overflow attacks. Our solution consists of two tools: TIED (Type Information Extractor and Depositor) and LibsafePlus. TIED extracts size information of all global and automatic buffers defined in the program from the debugging information produced by the compiler and inserts it back in the program binary as a data structure available at runtime. LibsafePlus is a dynamic library which provides wrapper functions for unsafe C library functions such as strcpy. These wrapper functions check the source and target buffer sizes using the information made available by TIED and perform the requested operation only when it is safe to do so. For performing bounds checking on variables defined in shared libraries which are loaded at runtime, we follow the same procedure as in the case of the executable. The shared library is first modified with TIED to include information about all global and automatic buffers in the library. This information is then utilized by LibsafePlus to check whether an out-of-bounds address belongs to a shared library or not. For dynamically allocated buffers, the sizes and starting addresses are recorded at runtime. With our simple design we are able to protect most applications with a performance overhead of less than 10%.
Introduction
Buffer overflows constitute a major threat to the security of computer systems today. A buffer overflow exploit is both common and powerful and is capable of rendering a computer system totally vulnerable to the attacker. As reported by CERT, 11 out of 20 most widely exploited attacks have been found to be buffer overflow attacks [1]. More than 50% of CERT advisories [2] for the year 2003 reported buffer overflow vulnerabilities. It is thus a major concern of the computing community to provide a practical and efficient solution to the problem of buffer overflow.

In a buffer overflow attack, the attacker's aim is to gain access to a system by changing the control flow of a program so that the program executes code that has been carefully crafted by the attacker. The code can be inserted in the address space of the program using any legitimate form of input. The attacker then corrupts a code pointer in the address space by overflowing a buffer and makes it point to the injected code. When the program later dereferences this code pointer, it jumps to the attacker's code. Such buffer overflows occur mainly due to the lack of bounds checking in C library functions and carelessness on the programmer's part. For example, the use of strcpy() in a program without ensuring that the destination buffer is at least as large as the source string is apparently a common practice among many C programmers.

Buffer overflow exploits come in various flavours. The simplest and also the most widely exploited form of attack changes the control flow of the program by overflowing some buffer on the stack so that the return address or the saved frame pointer is modified. This is commonly called the "stack smashing attack" [3]. The simplest kind of buffer overflow attack is presented in the following example.

    void func (char *str) {
        char buffer[16];
        ...
        strcpy (buffer, str);
    }

Figure 1.1: A simple stack smashing attack

Assuming that the attacker can control the contents of the string str, the local array buffer on the stack can be overflowed. The return address stored below buffer can be modified so that when the function func returns, the control jumps to the attack code which itself can be inserted into the program using str. Another class of attacks is return-into-libc attacks in which the return address is overwritten with the address of an existing C library function such as system() instead of pointing to the attacker's code.

Another simple program vulnerable to buffer overflow attacks is shown in Figure 1.2. The given program provides a "write anything anywhere" primitive. The attacker controls the argument argv overflowing the character array buf during the first strcpy. This causes ptr to be overwritten. Thus ptr can be made to point to any memory location. The second strcpy then copies the contents of buf to the desired memory location.

Download full report
http://googleurl?sa=t&source=web&cd=1&ve...feplus.pdf&ei=LqlETvS3OsbIrQfi19jnAw&usg=AFQjCNHrrm4E7lynsJkmZo4DOdQCwPXrTQ&sig2=sNML1OeHcFhssSJ62PBEaw
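
The size-checked wrapper described in the abstract, sketched as an added example that is not code from the report or from LibsafePlus: a small in-memory table of (start, size) records stands in for the information TIED deposits and for the heap records kept at runtime. The names register_buffer, bytes_left and checked_strcpy are hypothetical, and only the destination size is checked here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the table TIED deposits in the binary and for
   the heap records kept at runtime: one (start, size) pair per buffer. */
struct buf_info { const char *start; size_t size; };
static struct buf_info table[16];
static size_t n_bufs;

/* Record a buffer; returns 0, or -1 if the table is full. */
int register_buffer(const void *start, size_t size)
{
    if (n_bufs == sizeof table / sizeof table[0]) return -1;
    table[n_bufs++] = (struct buf_info){ start, size };
    return 0;
}

/* Bytes from dst to the end of its recorded buffer; 0 if dst is unknown. */
size_t bytes_left(const char *dst)
{
    uintptr_t d = (uintptr_t)dst;
    for (size_t i = 0; i < n_bufs; i++) {
        uintptr_t s = (uintptr_t)table[i].start;
        if (d >= s && d - s < table[i].size)
            return table[i].size - (d - s);
    }
    return 0;
}

/* Copy only if src and its NUL fit: 0 if copied, -1 if refused.
   Refusing unknown destinations is this example's choice. */
int checked_strcpy(char *dst, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > bytes_left(dst)) return -1;
    memcpy(dst, src, need);
    return 0;
}

/* func() from Figure 1.1 with strcpy replaced by the checked wrapper. */
int func(const char *str)
{
    char buffer[16];
    if (register_buffer(buffer, sizeof buffer) != 0) return -1;
    int rc = checked_strcpy(buffer, str);
    n_bufs--;                /* frame is going away: drop its record */
    return rc;
}
```

Because the lookup accepts interior pointers, a copy that starts partway into a buffer is limited to the bytes remaining after that offset, not to the buffer's full size.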