Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Undecidability of static analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
The undecidability of aliasing
ACM Transactions on Programming Languages and Systems (TOPLAS)
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Buffer overflow and format string overflow vulnerabilities
Software—Practice & Experience - Special issue: Security software
Signatures for Library Functions in Executable Files
Signatures for Library Functions in Executable Files
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
FormatShield: A Binary Rewriting Defense against Format String Attacks
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
| Hi-index | 0.00 |
We propose a binary rewriting system called Kimchi that modifies binary programs to protect them from format string attacks in runtime. Kimchi replaces the machine code calling conventional printf with code calling a safer version of printf, safe_printf, that prevents its format string from accessing arguments exceeding the stack frame of the parent function. With the proposed static analysis and binary rewriting method, it can protect binary programs even if they do not use the frame pointer register or link the printf code statically. In addition, it reduces the performance overhead of the patched program by not modifying the calls to printf with the format string argument located in the read-only memory segment, which are not vulnerable to the format string attack.