Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, Jonathan Walpole
Buffer overflows have been the most common form of security vulnerability for the last ten years. Moreover, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated. In this paper, we survey the various types of buffer overflow vulnerabilities and attacks, and survey the various defensive measures that mitigate buffer overflow vulnerabilities, including our own StackGuard method. We then consider which combinations of techniques can eliminate the problem of buffer overflow vulnerabilities, while preserving the functionality and performance of existing systems.
- The paper does a good job of explaining why buffer overflow attacks are so pervasive and will continue to exist. The large amount of widely used C and C++ programs means that providing a way of protecting existing programs is very important.
- Many of the previous prevention techniques had serious performance drawbacks. Methods such as pointer checking mean that a program such as matrix multiplication is more heavily affected due to its reliance on pointer operations.
- The hand-coded CPU stack inspector in assembler was a valiant effort, but does not protect against the full scope of vulnerabilities.
- The canary method has no discernible performance impact and is easy to implement, since it is just a compiler modification. This makes it the best candidate for wide adoption, and upon further reading it has become widely used.
- The authors raised the important point that in order to truly verify the level of protection provided by StackGuard, a compiler that manually checked bounds would need to be made.
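An added example, not code from the paper or from StackGuard itself: a small C model of the canary check the notes describe. The frame layout, the fixed `CANARY_VALUE` (StackGuard chooses the word at run time), and the function names are constructed for illustration; the "overflow" is emulated with a bounded `memcpy` into a struct so the demonstration itself stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a StackGuard-protected frame. On a downward-growing
   stack the local buffer sits below the canary, which sits below the saved
   return address, so an over-long copy into buf reaches the canary first. */
#define BUF_SIZE 16
#define CANARY_VALUE 0xDEADBEEFu   /* hypothetical; real canaries are random */

struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;
    uint32_t saved_ret;            /* stand-in for the real return address */
};

/* Emulates an unchecked copy into buf (the strcpy-style bug). The copy is
   clamped to the frame so the emulation cannot write outside the struct. */
static void unchecked_copy(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* The epilogue check StackGuard's compiler inserts: the function may only
   return if the canary still holds the value written in the prologue. */
static int canary_intact(const struct frame *f) {
    return f->canary == CANARY_VALUE;
}

/* Runs one input through the modelled frame.
   Returns 0 if the call would return normally, 1 if StackGuard would abort. */
int simulate_call(const char *input, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_ret = 0x08048000u;     /* constructed placeholder address */
    unchecked_copy(&f, input, len);
    return canary_intact(&f) ? 0 : 1;
}

/* Helper: feed len copies of fill through simulate_call. */
int overflow_with_fill(char fill, size_t len) {
    char input[sizeof(struct frame)];
    if (len > sizeof input) len = sizeof input;
    memset(input, fill, len);
    return simulate_call(input, len);
}

int main(void) {
    printf("16 bytes: %d, 24 bytes: %d\n",
           overflow_with_fill('A', 16), overflow_with_fill('A', 24));
    return 0;
}
```

A 16-byte input fills the buffer exactly and returns 0; a 24-byte input runs through the canary and returns 1 before the clobbered return address would ever be used.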