BUFFER OVERFLOW VULNERABILITIES Prudhviraj Karumanchi Vijay Venugopalan Vijaya Raghavan CPSC 620 Presentation 12/3/2009

Upload: abigail-bridges

Post on 18-Jan-2018



CONTENTS
- Motivation
- Basic structure of process memory
- Buffer Overflow
- Canary Method
- Static Analysis
  - ARCHER
  - BOON
  - SPLINT
  - Polyspace C Verifier
  - UNO
- Conclusion


MOTIVATION
- Buffer overflows account for about 50% of the vulnerabilities reported by CERT.
- According to National Vulnerability Database (NVD) CVE statistics, 563 buffer overruns were detected in 2008, and 431 buffer overruns out of 4,634 vulnerabilities were detected in 2009 through September.
- Educate "future" software programmers.


BUFFER?
- Buffer: A temporary space in memory used to hold data.
- Buffer overflow: Happens when data written into the buffer is larger than the size of the buffer.
- In turn, it overwrites adjacent memory locations.


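SAMPLE BUFFER OVERFLOW FUNCTION

    #include <stdio.h>

    void GetInput(void) {
        char buffer[8];
        gets(buffer);   /* Dangerous function!!! */
        puts(buffer);
    }

Dangerous function: gets() copies input into buffer with no length check.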


VIRTUAL ADDRESS SPACE: A LOOK AT THE STACK

[Figure: stack diagram; surviving label: Local Variables]


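OVERWRITING THE "RETURN ADDRESS"

    #include <stdio.h>

    /* Never called from main(). */
    void notToExecute(void) {
        printf("This is not to be run\n");
    }

    void GetInput(void) {
        char buffer[8];
        gets(buffer);   /* unbounded write into an 8-byte buffer */
        puts(buffer);
    }

    int main(void) {
        GetInput();
        return 0;
    }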


CANARY METHOD TO DETECT BUFFER OVERFLOWS
- Stack canaries are used to detect a stack buffer overflow before execution of malicious code can occur.
- This method works by placing a small integer, the value of which is randomly chosen at program start, in memory just before the stack return pointer.
- Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer (and thus take control of the process) the canary value must also be overwritten.
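The canary check described above, as an added example that is not part of the original presentation: a stack frame is simulated inside a byte array so the unchecked write stays memory-safe. The frame layout, the names canary_init and simulate_call, and the placeholder return address 0x1000 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Simulated frame, low to high addresses: buffer | canary | return address. */
#define BUF_LEN    8
#define CANARY_OFF BUF_LEN
#define RET_OFF    (CANARY_OFF + 4)
#define FRAME_LEN  (RET_OFF + 4)
#define SAVED_RET  0x1000u          /* constructed placeholder return address */

static uint32_t g_canary;
/* Chosen once at program start. rand() is for the demo only; real canaries
   are seeded from OS randomness. */
void canary_init(void) {
    srand((unsigned)time(NULL));
    g_canary = ((uint32_t)rand() << 16) ^ (uint32_t)rand();
}

/* Writes n input bytes at the start of the frame without checking BUF_LEN
   (what gets() does), then runs the epilogue check.
   Returns 0 = canary intact, 1 = overflow detected, -1 = input exceeds the
   simulated frame (keeps the simulation itself memory-safe). */
int simulate_call(const unsigned char *in, size_t n, uint32_t *ret_out) {
    unsigned char frame[FRAME_LEN] = {0};
    uint32_t ret = SAVED_RET, check;
    if (n > FRAME_LEN) return -1;
    memcpy(frame + CANARY_OFF, &g_canary, 4);   /* prologue: place canary */
    memcpy(frame + RET_OFF, &ret, 4);           /* saved return address */
    memcpy(frame, in, n);                       /* unchecked write, low to high */
    memcpy(&check, frame + CANARY_OFF, 4);      /* epilogue: reload canary */
    memcpy(&ret, frame + RET_OFF, 4);
    *ret_out = ret;
    return check != g_canary;
}

int main(void) {
    unsigned char in[FRAME_LEN];
    uint32_t ret;
    canary_init();
    memset(in, 'A', sizeof in);                 /* constructed sample input */
    for (size_t n = 7; n <= FRAME_LEN; n += 3) {
        int r = simulate_call(in, n, &ret);
        printf("n=%2zu detected=%d ret=0x%x\n", n, r, (unsigned)ret);
    }
    return 0;
}
```

A write that reaches the return-address slot has necessarily passed through the canary bytes first, so the epilogue comparison fails before the altered address would be used.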


STATIC ANALYSIS TOOLS

Tool                   Analysis
ARCHER                 Symbolic, interprocedural, flow-sensitive analysis
BOON                   Integer ranges, interprocedural, flow-insensitive analysis for string functions
Polyspace C Verifier   Abstract interpretation, interprocedural, flow-sensitive
SPLINT                 Lightweight static analysis, intraprocedural
UNO                    Model checking, interprocedural, flow-sensitive


DETECTION AND FALSE ALARM RATES

System      Detection   False Alarm
PolySpace   0.87        0.5
SPLINT      0.57        0.43
BOON        0.05        0.05
ARCHER      0.01        0
UNO         0           0


CONCLUSION
- No software can be 100% bug free.
- Buffer overflows can be reduced by enforcing better programming practices from the very early stages of software engineering.
- Some of these are:
  - Use of wrappers
  - Training software programmers with 'good' programming practices
  - Use of memn*() functions instead of str*() functions
  - calloc() instead of malloc()
  - Proper free()ing of memory, etc.