Implicit array bounds checking on 64-bit architectures
ACM Transactions on Architecture and Code Optimization (TACO)
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
The life and death of statically detected vulnerabilities: An empirical study
Information and Software Technology
A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
Feasibility study of software reengineering towards role-based access control
International Journal of Computer Applications in Technology
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Monitoring Buffer Overflow Attacks: A Perennial Task
International Journal of Secure Software Engineering
Buffer overflow patching for C and C++ programs: rule-based approach
ACM SIGAPP Applied Computing Review
Buffer overflows are the most common source of security vulnerabilities in C programs. This class of vulnerability, which is found in both legacy and modern software, costs the software industry hundreds of millions of dollars per year.

The most common type of buffer overflow is the run-time stack overflow. It is common because programmers often use stack allocated arrays. This enables the attacker to change a program's control flow by writing beyond the boundary of an array onto a return address on the run-time stack. If the arrays are repositioned to the heap at compile time, none of these attacks succeed. Furthermore, repositioning buffers to the heap should perturb the heap memory enough to prevent many heap overflows as well.

We have created a tool called Gemini that repositions stack allocated arrays at compile time using TXL. The transformation preserves the semantics of the program with a small performance penalty. This paper discusses the semantics-preserving transformation of stack allocated arrays to heap allocated "pointers to arrays". A program that is amenable to a buffer overflow attack and several Linux programs are used as examples to demonstrate the effectiveness and overhead of our technique.
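
A hand-written illustration of the kind of rewrite the abstract describes, added here and not taken from the paper or from Gemini's output: the same function with a stack allocated array and with a heap allocated pointer to array. The names `name_sum_stack`, `name_sum_heap` and `NAME_LEN` are hypothetical, and aborting on allocation failure is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

#define NAME_LEN 16  /* constructed size for the example */

/* Before: the array lives in the stack frame, alongside the saved
 * return address that a stack overflow would target. */
int name_sum_stack(const char *input, size_t *cap)
{
    char name[NAME_LEN];
    int sum = 0;

    *cap = sizeof name;                       /* 16 */
    snprintf(name, sizeof name, "%s", input); /* bounded copy, truncates */
    if (name[0] == '\0')
        return -1;
    for (size_t i = 0; name[i] != '\0'; i++)
        sum += (unsigned char)name[i];
    return sum;
}

/* After: same element type and length, but the storage is on the heap.
 * A pointer to array keeps sizeof and indexing meaningful: sizeof *name
 * is still 16, where a plain char * would yield the pointer size. */
int name_sum_heap(const char *input, size_t *cap)
{
    char (*name)[NAME_LEN] = malloc(sizeof *name);
    int sum = 0;

    if (name == NULL)
        abort();                              /* assumed failure policy */
    *cap = sizeof *name;                      /* still 16 */
    snprintf(*name, sizeof *name, "%s", input);
    if ((*name)[0] == '\0') {
        free(name);                           /* release on every exit path */
        return -1;
    }
    for (size_t i = 0; (*name)[i] != '\0'; i++)
        sum += (unsigned char)(*name)[i];
    free(name);
    return sum;
}
```

Both versions return the same values for the same input, which is the semantics-preserving property; the cost of the heap version is one allocation and one release per call.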