Buffer overflow attacks constitute a major threat to the security of computer systems today. A buffer overflow exploit is both common and powerful, and is capable of rendering a computer system totally vulnerable to the attacker. In this talk, I will give a brief introduction to the way such exploits work and describe a transparent runtime approach for efficient protection against these attacks.
Buffer overflow exploits make use of the treatment of strings in C as character arrays rather than as first-class objects. Manipulation of arrays as pointers and primitive pointer arithmetic make it possible for a program to access memory locations that it is not supposed to access. In our approach, the information about sizes of all global and automatic character arrays in the program is made available to the runtime system by rewriting the program executable and shared libraries. Unsafe C library functions, like strcpy(), are intercepted at runtime to check whether the destination buffer is large enough to hold the string being copied to it.
More information about the work and the related software can be found at the project homepage.
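The runtime check described above, as an added sketch in C that is not the project's code. It assumes a size table filled by hand through a hypothetical `register_buffer()` instead of by rewriting the executable, a `checked_strcpy()` standing in for the intercepted `strcpy()`, and unchecked pass-through for destinations that have no table entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum copy_result { COPY_OK, COPY_REFUSED, COPY_UNCHECKED };
/* Size table: filled by hand in this sketch (assumption), not by binary rewriting. */
struct buf_info { uintptr_t base; size_t size; };
static struct buf_info table[16];
static size_t table_len;

int register_buffer(const void *base, size_t size) {
    if (table_len == sizeof table / sizeof table[0]) return -1;
    table[table_len++] = (struct buf_info){ (uintptr_t)base, size };
    return 0;
}

/* Bytes from dst to the end of its array; returns 0 if dst is in no registered array. */
static int room_at(const char *dst, size_t *room) {
    uintptr_t p = (uintptr_t)dst;
    for (size_t i = 0; i < table_len; i++) {
        uintptr_t off = p - table[i].base;
        if (p >= table[i].base && off < table[i].size) {
            *room = table[i].size - off;   /* interior pointers get less room */
            return 1;
        }
    }
    return 0;
}

/* Stand-in for the intercepted strcpy(): copy only if the string and its
   terminating NUL fit in what is left of the destination array. */
enum copy_result checked_strcpy(char *dst, const char *src) {
    size_t room;
    if (!room_at(dst, &room)) {            /* e.g. heap memory: size unknown */
        strcpy(dst, src);
        return COPY_UNCHECKED;
    }
    if (strlen(src) + 1 > room) return COPY_REFUSED;
    memcpy(dst, src, strlen(src) + 1);
    return COPY_OK;
}

int main(void) {
    char name[8];
    register_buffer(name, sizeof name);
    printf("%d\n", checked_strcpy(name, "alice"));            /* fits */
    printf("%d\n", checked_strcpy(name, "a-much-longer-id")); /* too long */
    return 0;
}
```

The `COPY_UNCHECKED` result marks the limit of this kind of check: a destination whose size is not in the table cannot be validated.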
About the speaker
Kumar Avijit is a Ph.D. scholar at the Dept. of Computer Science and Engg. at IIT Kanpur. He graduated from IIT Kanpur with a B.Tech. in computer science in 2004. He is currently interested in models for capturing useful program behaviour and in techniques for application level intrusion detection using system call streams.