  A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks (2003) [31 citations — 1 self]

by Manish Prasad, Tzi-cker Chiueh
In Proceedings of the USENIX Annual Technical Conference
http://www.ecsl.cs.sunysb.edu/tr/TR121.ps

Abstract:

Buffer overflow attack is the most common and arguably the most dangerous attack method used in Internet security breach incidents reported in the public literature. Various solutions have been developed to address the buffer overflow vulnerability problem in both research and commercial communities. Almost all the solutions that provide adequate protection against buffer overflow attacks are implemented as compiler extensions and hence require the source code of the programs being protected to be available so that they can be re-compiled. While this requirement is reasonable in many cases, there are scenarios in which it is not feasible, e.g., legacy applications that are purchased from an outside vendor. The work reported in this paper explores application of static binary translation to protect Internet software from buffer overflow attacks. Specifically, we use a binary rewriting approach to augment existing Win32/Intel Portable Executable (PE) binary programs with a return address defense (RAD) mechanism [1], which protects the integrity of the return address on the stack with a redundant copy. This paper presents the disassembly and instrumentation issues involved in static binary translation, how our tool achieves satisfactory disassembly precision in the presence of indirect branches, position-independent code sequences, hand-crafted assembly code and arbitrary code/data mixing, and how it ensures safe binary instrumentation in most practical cases. The paper reports our experiences with this approach, based on results of applying the resulting prototype to rewriting several commercial-grade Windows applications.

Citations

97 Smashing the stack for fun and profit – One - 1996
1 "Windows NT buffer overruns" RAS: http://community.coresdi.com/ juliano/mnemonix12 – Litchfield - 1998