Buffer Overflow Vulnerability Diagnosis For Commodity Software
Bu?er over?ow attacks have been a computer security threat in software-based systems and
applications for decades. The existence of bu?er over?ow vulnerabilities makes the system
susceptible to Internet worms and denial of service (DDoS) attacks which can cause huge
social and ?nancial impacts.
Due to its importance, bu?er over?ow problem has been intensively studied. Researchers
have proposed di?erent techniques to defend against unknown bu?er over?ow attacks. They
have also investigated various solutions, including automatic signature generation, automatic patch generation, etc., to automatically protect computer systems with known vulnerabilities. The e?ectiveness and e?ciency of the automatic signature generation approaches and
the automatic patch generation approaches are all based on the accurate understanding of
the vulnerabilities, the bu?er over?ow vulnerability diagnosis (BOVD). Currently, the results of automatic signature generation and automatic patch generation are far from satisfaction due to the insu?cient research results from the automatic BOVD.
This thesis de?nes the automatic bu?er over?ow vulnerability diagnosis (BOVD) problem
and provides solutions towards automatic BOVD for commodity software. It targets on
commodity software when source code and symbol table are not available. The solutions
combine both of the dynamic analysis techniques and static analysis techniques to achieve
Based on the observation that bu?er over?ow attack happens when the size of the destination bu?er is smaller than the total number of writes after the data copy process if the bu?er over?ow attack happens through a data copy procedure, the diagnosis results return the information of the size of destination bu?er, the total number of writes of a data copy procedure and how the user inputs are related with them. They are achieved through bound analysis, loop analysis and input analysis respectively. We demonstrate the e?ectiveness of this thesis approach using real world vulnerable applications including the bu?er over?ow vulnerabilities attacked by the record-setting Slammer and Blaster worms.
This thesis also does the complete case study for bu?er over?ow vulnerabilities which may have independent interests to researchers. Our bu?er over?ow case study results can help other researchers to design more e?ective defense systems and debugging tools against bu?er over?ow attacks.
Advisor:Dawn Song; James Joshi; Shi-Kuo Chang; Bruce R. Childers; Jose Carlos Brustoloni
School:University of Pittsburgh
School Location:USA - Pennsylvania
Source Type:Master's Thesis
Date of Publication:01/29/2009