Buffer Overflow Defenses
Author: Jedidiah R. Crandall, crandaj@erau.edu
This document was funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627
Distributed July 2002
Embry-Riddle Aeronautical University • Prescott, Arizona • USA
Buffer Overflow Defenses
This section presents some defenses against buffer overflows and their pros and cons in a not-too-technical manner.
Caveats:
1. This is not intended to be a complete list of products that defend against buffer overflows.
2. There is no silver bullet that will stamp out buffer overflows, but some of these tools may help.
Kinds of Defenses
- Better software engineering practices
- Find-and-patch methods
- Language tools
- Analysis tools
- Compiler tools
- Operating system tools
Better software engineering practices
Examples: testing, code inspection, documentation of reused code
Pros:
- Can prevent all types of buffer overflows before the software is released
Cons:
- Time consuming, and time is money
Find-and-patch methods
Examples: software patches, anti-virus software
Pros:
- Very effective at preventing known attacks, or even unknown attacks on known vulnerabilities
- Usually does not require that the software be recompiled
Cons:
- Not effective at preventing attacks on unknown vulnerabilities, or sometimes unknown attacks on known vulnerabilities
Language tools
Examples: Java, Perl, Ada, Cyclone, or any language that is not as susceptible to buffer overflows as C/C++, or components/libraries for C/C++ that are less susceptible to buffer overflows
Pros:
- Use of better languages or libraries will greatly ameliorate the buffer overflow problem
Cons:
- The programmer still has to know how to handle long input strings: should the input be truncated? Rejected? Should the buffer be resized? Should the program halt?
- C/C++ are popular languages and there are valid reasons for using them
- Reused C code must be heavily modified to use new libraries
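The choice the Cons above leave to the programmer (truncate, reject, or resize the buffer), worked through in C for a line read from a stream. This is an added example, not code from the original presentation; read_line, try_policy, policy_gives and the enum names are my own, and try_policy stands in for stdin by writing a constructed line to a tmpfile():

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* The answers a C programmer can give when a line is longer than the buffer. */
enum policy { POLICY_TRUNCATE, POLICY_REJECT, POLICY_RESIZE };
enum status { READ_OK, READ_TRUNCATED, READ_REJECTED, READ_RESIZED, READ_END };
static void skip_rest_of_line(FILE *in) { int c; while ((c = fgetc(in)) != EOF && c != '\n') {} }

/* Read one line into *bufp (capacity *capp >= 1) without ever writing past it.
 * POLICY_RESIZE grows the buffer with realloc and hands back the new pointer/capacity via *bufp/*capp. */
enum status read_line(FILE *in, char **bufp, size_t *capp, enum policy policy)
{
    size_t len = 0; int ch; enum status st = READ_OK;
    while ((ch = fgetc(in)) != EOF && ch != '\n') {
        if (len + 1 >= *capp) {                      /* one byte is reserved for the '\0' */
            if (policy == POLICY_TRUNCATE) { skip_rest_of_line(in); st = READ_TRUNCATED; break; }
            char *grown = (policy == POLICY_RESIZE) ? realloc(*bufp, *capp * 2) : NULL;
            if (grown == NULL) { skip_rest_of_line(in); (*bufp)[0] = '\0'; return READ_REJECTED; }
            *bufp = grown; *capp *= 2; st = READ_RESIZED;   /* a failed realloc is also a reject */
        }
        (*bufp)[len++] = (char)ch;
    }
    (*bufp)[len] = '\0';
    return (ch == EOF && len == 0 && st == READ_OK) ? READ_END : st;
}

/* Feed one constructed line through read_line; the text left in the buffer is copied to out. */
enum status try_policy(const char *line, size_t cap, enum policy policy, char *out, size_t outcap)
{
    FILE *in = tmpfile();                            /* stands in for stdin or a socket */
    char *buf = malloc(cap);
    if (in == NULL || buf == NULL) { free(buf); if (in) fclose(in); return READ_REJECTED; }
    fputs(line, in); rewind(in);
    enum status st = read_line(in, &buf, &cap, policy);
    snprintf(out, outcap, "%s", buf);
    free(buf); fclose(in);
    return st;
}

/* Does a policy produce the expected status and buffer contents for a given line? */
int policy_gives(const char *line, size_t cap, enum policy policy, enum status want, const char *text)
{
    char out[64]; return try_policy(line, cap, policy, out, sizeof out) == want && strcmp(out, text) == 0;
}

int main(void)
{
    char out[64];                                    /* constructed 20-character line, 7-byte buffer */
    for (int p = POLICY_TRUNCATE; p <= POLICY_RESIZE; p++) {
        enum status st = try_policy("AAAAAAAAAA" "AAAAAAAAAA" "\n", 7, (enum policy)p, out, sizeof out);
        printf("policy %d -> status %d, buffer \"%s\"\n", p, (int)st, out);
    }
    return 0;
}
```

Whichever policy is chosen, the caller learns from the status that the line did not fit, which is the decision point the slide says no library can make for you.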
Analysis tools
Examples: static analysis tools that search the source code for possible buffer overflows, dynamic analysis tools that help identify buffer overflows during program execution for testing
Pros:
- Static analysis tools can be very useful for code inspection
- Dynamic analysis tools can help you catch errors during testing that you might not have caught otherwise
Cons:
- Static analysis tools produce many false positives and only look for certain kinds of buffer overflows, such as unsafe library function calls
Compiler tools
Examples: adding automatic bounds checking to a C compiler, or protecting the return pointer (see the StackGuard applet)
Pros:
- Adding automatic bounds checking to a C compiler can prevent many buffer overflows
- Protecting the return pointer virtually eliminates stack smashing, which is currently the most prevalent and disastrous kind of buffer overflow attack
Cons:
- There is a performance overhead, especially for adding bounds checking to C compilers
- Protecting the return pointer does not prevent heap-based attacks, denial-of-service attacks, or data corruption
Operating system tools
Examples: intrusion detection, disabling execution of code where there shouldn’t be code
Pros:
- Disabling the execution of code where there shouldn’t be code usually has a negligible performance cost
- Intrusion detection systems can detect unknown attacks by monitoring user behavior for anomalies or likely attack patterns
Cons:
- Neither of these will prevent every kind of buffer overflow attack
- Intrusion detection is a developing technology and is not perfect
About this Project
This presentation is part of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. For more information, go to: http://nsfsecurity.pr.erau.edu
Also available are:
- Demonstrations of how buffer overflows occur (Java applets)
- PowerPoint lecture-style presentations on an introduction to buffer overflows, preventing buffer overflows (for C programmers), and a case study of Code Red
- Checklists and Points to Remember for C Programmers
- An interactive module and quiz set with alternative paths for journalists/analysts and IT managers as well as programmers and testers
- A scavenger hunt on implications of the buffer overflow vulnerability
Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.