I'm giving a practice talk at 4pm; cookies will be provided.
Suan
>-----------------------------------------------
>
>Protecting C Programs from Attacks via Invalid Pointer Dereferences
>
>Writes via unchecked pointer dereferences rank high among vulnerabilities
>most often exploited by malicious code. The most common attacks use an
>unchecked string copy to cause a buffer overrun, thereby overwriting the
>return address in the function's activation record. Then, when the
>function returns, control is actually transferred to the attacker's code.
>Other attacks may overwrite function pointers, setjmp buffers, system-call
>arguments, or simply corrupt data to cause a denial of service.
>
>A number of techniques have been proposed to address such attacks. Some
>are limited to protecting the return address only; others are more
>general, but have undesirable properties such as having a high runtime
>overhead, requiring manual changes to the source code, or forcing
>programmers to give up control of data representations and memory
>management.
>
>This talk describes the design and implementation of a security tool for C
>programs that addresses all these issues: it has a low runtime overhead,
>does not require source code modification by the programmer, does not
>report false positives, and provides protection against a wide range of
>attacks via bad pointer dereferences, including but not limited to buffer
>overruns and attempts to access previously freed memory. The tool uses
>static analysis to identify potentially dangerous pointer dereferences,
>and memory locations that are legitimate targets of these pointers.
>Dynamic checks are then inserted; if at runtime the target of an unsafe
>dereference is not in the legitimate set, a potential security violation
>is reported, and the program is halted.
>
>
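The runtime check the abstract describes, sketched as an added example (not the tool's code and not material from the talk): a shadow map stands in for the set of legitimate targets. The toy arena layout and the names `check_write`, `checked_strcpy`, `set_legit`, `reset_arena` and `ret_slot_intact` are assumptions made for the illustration; where this code returns -1, the tool described would report a violation and halt.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ARENA_SIZE 64
#define BUF_OFF 0    /* 16-byte buffer: a legitimate target */
#define BUF_LEN 16
#define RET_OFF 16   /* stand-in for a return-address slot: never legitimate */
#define RET_LEN 8
static unsigned char arena[ARENA_SIZE];  /* toy memory, constructed for the example */
static unsigned char legit[ARENA_SIZE];  /* shadow map: 1 = legitimate target byte */

/* Mark or unmark a region, e.g. when a flagged object is allocated or freed. */
static void set_legit(size_t off, size_t len, int on) { memset(legit + off, on ? 1 : 0, len); }

/* Check placed before a write through an unsafe pointer: 1 = allowed, 0 = violation. */
static int check_write(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    if (a < base || a - base >= ARENA_SIZE || len > ARENA_SIZE - (a - base)) return 0;
    for (size_t i = 0; i < len; i++) if (!legit[a - base + i]) return 0;
    return 1;
}

/* String copy with the check before every store; -1 = violation. */
static int checked_strcpy(unsigned char *dst, const char *src) {
    size_t i = 0;
    do {
        if (!check_write(dst + i, 1)) return -1;
        dst[i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
    return 0;
}

static void reset_arena(void) {
    memset(arena, 0, sizeof arena);
    memset(legit, 0, sizeof legit);
    memset(arena + RET_OFF, 0xAA, RET_LEN);  /* sentinel value in the slot */
    set_legit(BUF_OFF, BUF_LEN, 1);
}
static int ret_slot_intact(void) {
    for (size_t i = 0; i < RET_LEN; i++) if (arena[RET_OFF + i] != 0xAA) return 0;
    return 1;
}
int main(void) {
    reset_arena();
    int fits = checked_strcpy(arena + BUF_OFF, "short");
    int overrun = checked_strcpy(arena + BUF_OFF, "AAAAAAAAAAAAAAAAAAAAAAAA");
    set_legit(BUF_OFF, BUF_LEN, 0);  /* buffer freed: no longer a legitimate target */
    int stale = checked_strcpy(arena + BUF_OFF, "x");
    return (fits == 0 && overrun == -1 && stale == -1 && ret_slot_intact()) ? 0 : 1;
}
```

The overrun stops at the first byte past the buffer, so the sentinel in the adjacent slot is never modified, and the same check rejects the write to the freed buffer.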