RAD: A Compiler Time Solution to Buffer Overflow Attacks

Faculty: Tzi-cker Chiueh

Group Members:


Abstract:

Buffer overflow attacks can be mounted against almost any program and are one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. This project presents a compiler-based solution to the notorious buffer overflow attack problem. Using this solution, users can prevent attackers from compromising their systems by overwriting a function's return address to execute injected code, which is the most common method used in buffer overflow attacks. Return Address Defender (RAD) is a simple compiler patch that automatically creates a safe area to store a copy of return addresses and automatically adds protection code to the applications it compiles, defending them against buffer overflow attacks. Protecting a program with RAD does not require modifying its source code. Moreover, RAD does not change the layout of stack frames, so the binary code it generates is compatible with existing libraries and other object files. Empirical performance measurements on a fully operational RAD prototype show that programs protected by RAD experience a slow-down by a factor of between 1.01 and 1.31. In this paper we present the principle of buffer overflow attacks, a taxonomy of defense methods, the implementation details of RAD, and a performance analysis of the RAD prototype.

Project Description:

This project presents a solution to the notorious buffer overflow (BO) attack problem. Using this solution, users can prevent attackers from compromising their systems by overwriting the return address to execute injected code, which is the most common method used in BO attacks. Anecdotal evidence shows that BO attacks have been used against programs since the 1960s. The most famous BO attack is the Internet Worm written by Robert T. Morris in 1988. Buffer overflow attacks can be mounted against almost any kind of program and are one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. Usually the result of such an attack is that the attacker gains root privilege on the attacked host.

Although the buffer overflow problem has been known for a long time, it continues to present a serious security threat, for the following reasons. First, programmers often lack the discipline to check array bounds in their programs, and most compilers do not check bounds either, so programs with this vulnerability continue to be produced. It is not practical to ask all programmers to check array bounds in their programs. For example, as of the writing of this paper, July 23rd 2000, the title of one of the latest vulnerabilities reported by CERT is "CA-2000-06 Multiple Buffer Overflows in Kerberos Authenticated Services." Secondly, not all applications with this vulnerability have been found, and for those that have been found, it is not easy to replace all of them. For the above reasons, a tool that seals this security breach automatically is very important.

Return Address Defender (RAD) is a compiler extension that automatically inserts protection code into the application programs it compiles, so that applications compiled with it can no longer be hijacked by return address attacks.
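To make the mechanism concrete, here is an added example (not RAD's source code) that models the prologue/epilogue check in C: a global safe area, called a return address repository here (the name is an assumption), stores a copy of each return address, and a simulated frame layout shows an unchecked copy being caught at function exit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of RAD's mechanism (added example, not RAD's own source): a global
 * return address repository (RAR) keeps a copy of every return address; the
 * instrumented prologue pushes it, the epilogue compares it before returning. */
#define RAR_SIZE 1024
#define BUF_SIZE 16
#define FRAME_SIZE (BUF_SIZE + sizeof(uintptr_t))

static uintptr_t rar[RAR_SIZE];
static size_t rar_top;

/* Prologue: save a copy of the return address. Returns 0 if the RAR is full. */
static int rad_prologue(uintptr_t ret) {
    if (rar_top >= RAR_SIZE) return 0;
    rar[rar_top++] = ret;
    return 1;
}

/* Epilogue: pop the copy and compare it with the return address the frame
 * actually holds. 1 = intact, 0 = tampered (here RAD would abort the program). */
static int rad_epilogue(uintptr_t frame_ret) {
    if (rar_top == 0) return 0;
    return rar[--rar_top] == frame_ret;
}

/* Simulated vulnerable function: a 16-byte local buffer followed by the saved
 * return address, the layout a stack smash corrupts. The frame is a byte array
 * so the overflow is well-defined C; len is clamped to the frame size, whereas
 * a real overflow keeps writing past it. */
int call_with_input(const unsigned char *input, size_t len) {
    unsigned char frame[FRAME_SIZE];
    uintptr_t ret = 0x401000, frame_ret;        /* constructed return address */
    memcpy(frame + BUF_SIZE, &ret, sizeof ret);
    rad_prologue(ret);
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(frame, input, len);                  /* unchecked copy into buf */
    memcpy(&frame_ret, frame + BUF_SIZE, sizeof frame_ret);
    return rad_epilogue(frame_ret);
}

int main(void) {
    unsigned char evil[FRAME_SIZE];
    memset(evil, 'A', sizeof evil);             /* constructed oversized input */
    printf("benign: %d\n", call_with_input((const unsigned char *)"hello", 6));
    printf("overflow: %d\n", call_with_input(evil, sizeof evil));
    return 0;
}
```

Because the copy lives outside the frame, even a single byte written past the buffer is detected, which is what lets RAD catch the attack without changing the stack frame layout.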
 

Publications:

Related Links: