Buffer Overflow Vulnerability Diagnosis For Commodity Software

by Zheng, Jiang

Bu?er over?ow attacks have been a computer security threat in software-based systems and applications for decades. The existence of bu?er over?ow vulnerabilities makes the system susceptible to Internet worms and denial of service (DDoS) attacks which can cause huge social and ?nancial impacts. Due to its importance, bu?er over?ow problem has been intensively studied. Researchers have proposed di?erent techniques to defend against unknown bu?er over?ow attacks. They have also investigated various solutions, including automatic signature generation, automatic patch generation, etc., to automatically protect computer systems with known vulnerabilities. The e?ectiveness and e?ciency of the automatic signature generation approaches and the automatic patch generation approaches are all based on the accurate understanding of the vulnerabilities, the bu?er over?ow vulnerability diagnosis (BOVD). Currently, the results of automatic signature generation and automatic patch generation are far from satisfaction due to the insu?cient research results from the automatic BOVD. This thesis de?nes the automatic bu?er over?ow vulnerability diagnosis (BOVD) problem and provides solutions towards automatic BOVD for commodity software. It targets on commodity software when source code and symbol table are not available. The solutions combine both of the dynamic analysis techniques and static analysis techniques to achieve the goal. Based on the observation that bu?er over?ow attack happens when the size of the destination bu?er is smaller than the total number of writes after the data copy process if the bu?er over?ow attack happens through a data copy procedure, the diagnosis results return the information of the size of destination bu?er, the total number of writes of a data copy procedure and how the user inputs are related with them. They are achieved through bound analysis, loop analysis and input analysis respectively. We demonstrate the e?ectiveness of this thesis approach using real world vulnerable applications including the bu?er over?ow vulnerabilities attacked by the record-setting Slammer and Blaster worms. This thesis also does the complete case study for bu?er over?ow vulnerabilities which may have independent interests to researchers. Our bu?er over?ow case study results can help other researchers to design more e?ective defense systems and debugging tools against bu?er over?ow attacks.