Buffer overflow attack: A potential problem and its implications

Definition :- Have you ever thought about a buffer overflow attack? It arises from careless programming and from the patchy nature of programs. Many C programs have buffer overflow vulnerabilities because the C language lacks array bounds checking, and the culture of C programmers encourages a performance-oriented style that avoids error checking where possible, e.g. gets and strcpy, which do no bounds checking. This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. These problems are probably the result of careless programming, and could be corrected by elementary testing or code reviews along the way.

THE ATTACK :- A (malicious) user finds the vulnerability in a highly privileged program and someone else implements a patch to that particular attack, on that privileged program. Fixes to buffer overflow attacks attempt to solve the problem at the source (the vulnerable program) instead of at the destination (the stack that is being overflowed).

StackGuard :- It is a simple compiler extension that limits the amount of damage that a buffer overflow attack can inflict on a program. The paper discusses the various intricacies of the problem and the implementation details of the compiler extension 'StackGuard'.

Stack Smashing Attack :- Buffer overflow attacks exploit a lack of bounds checking on the size of input being stored in a buffer array. The most common data structure to corrupt in this fashion is the stack; this is called a "stack smashing attack".

StackGuard For Network Access :- The paper also discusses the impact of the 'Buffer Overflow Attack' on network access.

StackGuard prevents changes to active return addresses by either :-
1. Detecting the change of the return address before the function returns, or
2. Completely preventing the write to the return address.

MemGuard is a tool developed to help debug optimistic specializations by locating code statements that change quasi-invariant values.

STACKGUARD OVERHEAD
- Canary StackGuard Overhead
- MemGuard StackGuard Overhead
- StackGuard Macrobenchmarks

The paper presents the issues and their implications for 'IT APPLICATIONS' and discusses the solutions through the implementation details of 'StackGuard'.
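
The first mechanism listed above, detecting a change to the return address before the function returns, can be modelled with a canary word placed between the local buffer and the saved return address. The C model below is an added example, not code from the paper or from StackGuard. The frame layout, function names and constants are assumptions made for illustration, and the frame is an ordinary struct so nothing outside it is ever written.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY  0x1122334455667788ULL  /* constructed value; a real canary is random */
#define RET     0x0000000000401000ULL  /* constructed "return address" */

/* Modelled stack frame, low to high: local buffer, canary word, return address. */
struct frame {
    unsigned char buf[BUF_LEN];
    uint64_t canary;
    uint64_t ret;
};

/* Function prologue: save the return address and place the canary below it. */
void frame_enter(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY;
    f->ret = RET;
}

/* gets/strcpy-style copy: ignores BUF_LEN. Clamped to the modelled frame so
   the demonstration itself never writes outside `f`. */
void copy_unchecked(struct frame *f, const unsigned char *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy(f, src, n);               /* starts at buf, runs on into canary and ret */
}

/* Bounded copy: truncates to the buffer and always NUL-terminates. */
void copy_bounded(struct frame *f, const unsigned char *src, size_t n) {
    if (n > BUF_LEN - 1) n = BUF_LEN - 1;
    memcpy(f->buf, src, n);
    f->buf[n] = '\0';
}

/* Function epilogue: 1 if the canary is intact, 0 if it changed (halt, do not return). */
int frame_leave(const struct frame *f) {
    return f->canary == CANARY;
}

int main(void) {
    unsigned char input[32];         /* constructed oversized input */
    struct frame f;
    memset(input, 'A', sizeof input);
    frame_enter(&f); copy_unchecked(&f, input, sizeof input);
    printf("unchecked: canary ok=%d ret=%#llx\n", frame_leave(&f), (unsigned long long)f.ret);
    frame_enter(&f); copy_bounded(&f, input, sizeof input);
    printf("bounded:   canary ok=%d ret=%#llx\n", frame_leave(&f), (unsigned long long)f.ret);
}
```

Because the canary sits below the return address, a linear overrun from the buffer cannot reach the return address without first changing the canary, which is what the epilogue check catches.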