Practice Talk Monday


Date: Fri, 15 Aug 2003 12:30:01 -0500 (CDT)
From: Suan Yong <suan@xxxxxxxxxxx>
Subject: Practice Talk Monday
FYI, I'll be giving a practice talk on Monday at 4:00pm in 2310.
I'll bring cookies, and will appreciate attendance and feedback.
Abstract below.

Suan

--------

Protecting C Programs from Attacks via Invalid Pointer Dereferences
Suan Hsi Yong and Susan Horwitz

(to appear in ESEC/FSE 2003)

Writes via unchecked pointer dereferences rank high among vulnerabilities
most often exploited by malicious code. The most common attacks use an
unchecked string copy to cause a buffer
overrun, thereby overwriting the return address in the function's
activation record. Then, when the function ``returns'', control is
actually transferred to the attacker's code. Other attacks may
overwrite function pointers, setjmp buffers, system-call arguments, or
simply corrupt data to cause a denial of service.

A number of techniques have been proposed to address such attacks. Some
are limited to protecting the return address only; others are more
general, but have undesirable properties such as
having a high runtime overhead, requiring manual changes to the source
code, or forcing programmers to give up control of data representations
and memory management.

This paper describes the design and implementation of a security tool for
C programs that addresses all these issues: it has a low runtime overhead,
does not require source code modification
by the programmer, does not report false positives, and provides
protection against a wide range of attacks via bad pointer dereferences,
including but not limited to buffer overruns and
attempts to access previously freed memory. The tool uses static analysis
to identify potentially dangerous pointer dereferences, and memory
locations that are legitimate targets of these
pointers. Dynamic checks are then inserted; if at runtime the target of an
unsafe dereference is not in the legitimate set, a potential security
violation is reported, and the program is halted.
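
The dynamic check described in the abstract's last paragraph, as an added example that is not part of the original message or the authors' tool: a write goes through only if its target byte is in the legitimate set. The per-byte tag array, the 64-byte arena, and all names here are assumptions made for illustration; the static analysis that would compute the set is not modeled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a 64-byte arena stands in for program memory; legit[]
   holds one tag per byte, 1 = legitimate target of an unsafe pointer. */
enum { ARENA = 64, BUF = 0, BUF_LEN = 8, RET = 8, RET_LEN = 8, HEAP = 32, HEAP_LEN = 16 };
static unsigned char mem[ARENA], legit[ARENA];

static void tag(size_t off, size_t len, int v) { memset(legit + off, v, len); }

/* The inserted dynamic check: store only into a tagged byte. Returns 0, or
   -1 on a violation (the tool in the abstract halts the program instead). */
static int checked_store(size_t off, unsigned char v) {
    if (off >= (size_t)ARENA || !legit[off]) return -1;
    mem[off] = v;
    return 0;
}

/* String copy with the check on every byte written, terminator included.
   Returns the number of bytes written, or -1 at the first violating store. */
static int checked_strcpy(size_t dst, const char *src) {
    size_t n = 0;
    do {
        if (checked_store(dst + n, (unsigned char)src[n]) != 0) return -1;
    } while (src[n++] != '\0');
    return (int)n;
}

/* Overrun of an 8-byte buffer toward the saved return address next to it. */
static int overrun_blocked(void) {
    memset(mem, 0, sizeof mem);
    memset(legit, 0, sizeof legit);
    tag(BUF, BUF_LEN, 1);                  /* buffer: legitimate target */
    memset(mem + RET, 0xEE, RET_LEN);      /* return address: never tagged */
    return checked_strcpy(BUF, "AAAAAAAAAAAA") == -1 && mem[RET] == 0xEE;
}

/* Write through a stale pointer after the region has been freed. */
static int stale_write_blocked(void) {
    memset(legit, 0, sizeof legit);
    tag(HEAP, HEAP_LEN, 1);                /* allocation: tags set */
    int before = checked_store(HEAP, 'x');
    tag(HEAP, HEAP_LEN, 0);                /* free: tags cleared */
    return before == 0 && checked_store(HEAP, 'y') == -1 && mem[HEAP] == 'x';
}

int main(void) {
    printf("overrun blocked: %d, stale write blocked: %d\n",
           overrun_blocked(), stale_write_blocked());
    return 0;
}
```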



