The problem of buffer overruns, i.e., writing past the end of an array, in C programs has been known since the early seventies as one of the possible consequences of the C language data integrity philosophy. Since the late eighties, when computer security incidents started affecting the Internet, it has been clear that buffer overruns are a powerful threat to system security as they allow ordinary users to gain superuser privileges on Unix systems. Nowadays, buffer overruns are one of the most popular exploits in the hacker scene. In this paper we present a tool for the automatic detection of buffer overrun vulnerabilities in object code. It can be applied to operating system components as well as ordinary programs. The tool is aimed at helping system administrators eliminate vulnerable programs before they are exploited. A fully working prototype for HP-UX and Linux systems is currently available. Extensions are planned for other Unix versions.
A tool for pro-active defense against the buffer overrun attack / D. Bruschi, E. Rosti, R. Banfi - In: Computer security, ESORICS 98 : 5th European Symposium on Research in Computer Security, Louvain-la-Neuve, Belgium, September 16-18, 1998 : proceedings / [a cura di] J.J. Quisquater. - Berlin : Springer, 1998 Sep. - ISBN 9783540650041. - pp. 17-31 (( Intervento presentato al 5. convegno European Symposium on Research in Computer Security tenutosi a Louvain-la-Neuve nel 1998.
A tool for pro-active defense against the buffer overrun attack
D. BruschiPrimo
;E. RostiSecondo
;R. BanfiUltimo
1998
Abstract
The problem of buffer overruns, i.e., writing past the end of an array, in C programs has been known since the early seventies as one of the possible consequences of the C language data integrity philosophy. Since the late eighties, when computer security incidents started affecting the Internet, it has been clear that buffer overruns are a powerful threat to system security as they allow ordinary users to gain superuser privileges on Unix systems. Nowadays, buffer overruns are one of the most popular exploits in the hacker scene. In this paper we present a tool for the automatic detection of buffer overrun vulnerabilities in object code. It can be applied to operating system components as well as ordinary programs. The tool is aimed at helping system administrators eliminate vulnerable programs before they are exploited. A fully working prototype for HP-UX and Linux systems is currently available. Extensions are planned for other Unix versions.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
