Apr. 16, 2001 to Apr. 19, 2001
Tzi-cker Chiueh, State University of New York at Stony Brook
Fu-Hau Hsu, State University of New York at Stony Brook
Abstract: Buffer overflow attacks can be inflicted upon almost arbitrary programs and are one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. This paper presents a compiler-based solution to the notorious buffer overflow attack problem. Using this solution, users can prevent attackers from compromising their systems by changing the return address to execute injected code, which is the most common method used in buffer overflow attacks. Return Address Defender (RAD) is a simple compiler patch that automatically creates a safe area to store a copy of return addresses and automatically adds protection code into the applications that it compiles to defend programs against buffer overflow attacks. Using it to protect a program does not require modifying the source code of the protected program. Moreover, RAD does not change the layout of stack frames, so the binary code it generates is compatible with existing libraries and other object files. Empirical performance measurements on a fully operational RAD prototype show that programs protected by RAD experience a slow-down factor of only between 1.01 and 1.31. In this paper we present the principle of buffer overflow attacks, a taxonomy of defense methods, the implementation details of RAD, and the performance analysis of the RAD prototype.
Tzi-cker Chiueh, Fu-Hau Hsu, "RAD: A Compile-Time Solution to Buffer Overflow Attacks", ICDCS, 2001, 2013 IEEE 33rd International Conference on Distributed Computing Systems 2001, pp. 0409, doi:10.1109/ICDSC.2001.918971
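The check described in the abstract (save a copy of each return address in a separate area, compare it before returning) can be sketched in C as follows. This is an added illustration, not the RAD compiler patch or the authors' code: the stack frame is simulated with a struct, and the repository layout, the names `rar`, `rad_prologue`, `rad_epilogue` and `call_with_input`, and the address 0x1000 are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RAR_DEPTH 64                      /* assumed repository capacity */

static uintptr_t rar[RAR_DEPTH];          /* "safe area": copies of return addresses */
static size_t rar_top;

/* Simulated stack frame: a local buffer directly below the saved return address. */
struct frame {
    unsigned char buf[16];
    uintptr_t saved_ret;
};

/* Prologue hook: record a copy of the return address. Returns 0 on success. */
int rad_prologue(const struct frame *f)
{
    if (rar_top == RAR_DEPTH) return -1;  /* repository full: fail closed */
    rar[rar_top++] = f->saved_ret;
    return 0;
}

/* Epilogue hook: 1 if the frame's return address still matches the copy, else 0. */
int rad_epilogue(const struct frame *f)
{
    if (rar_top == 0) return 0;           /* no recorded call: treat as tampering */
    return rar[--rar_top] == f->saved_ret;
}

/* Simulated callee with an unchecked copy into buf; returns the epilogue verdict. */
int call_with_input(const unsigned char *in, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = (uintptr_t)0x1000;      /* constructed "legitimate" return address */
    if (rad_prologue(&f) != 0) return -1;
    if (len > sizeof f) len = sizeof f;   /* keep the simulation inside the struct */
    memcpy((unsigned char *)&f, in, len); /* bytes past buf[16] land on saved_ret */
    return rad_epilogue(&f);
}

int main(void)
{
    unsigned char ok[8], bad[sizeof(struct frame)];
    memset(ok, 'A', sizeof ok);           /* constructed input that fits in buf */
    memset(bad, 'A', sizeof bad);         /* constructed input that overruns buf */
    /* exit status 0 when the short input passes and the long one is caught */
    return !(call_with_input(ok, sizeof ok) == 1 && call_with_input(bad, sizeof bad) == 0);
}
```

A real deployment would have the program abort when the epilogue check fails rather than return a verdict, and the repository itself would need protection against being overwritten, which this sketch does not model.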