A Device of Static Buffer Overflow Detection by using Function Summary and Tracking Information Flow of Buffer Domain

Static Buffer Overflow Detection by Function Summary and Tracking the Information Flow of Buffer Domains (Korean title)

  • Published: 2001.12.01

Abstract

In C, a local buffer overflow on the stack can destroy control information stored near the buffer. If the overflow is used maliciously to overwrite the stored return address, the system is exposed to serious security vulnerabilities. This paper analyzes the process of buffer overflow hacking and the methodologies for avoiding such attacks in detail. It then proposes a method of static buffer overflow detection that uses function summaries and tracks the information flow of the buffer domain at the assembly source code level (SASS, Static Assembly Source code Scanner), and shows its feasibility and validity by implementing a prototype in a Pentium-based Linux environment.

In C, when a local variable allocated on the stack overflows, the control information located next to it is damaged. When this property of C is exploited maliciously and the nearby return address is subtly manipulated, the system is exposed to serious security risks. This paper proposes a static assembly source code scan method that tracks the information flow of the buffer domain passed to the library functions that cause such buffer overflows and notifies the program author of a possible buffer overflow, and it assesses the feasibility and significance of the method by implementing a prototype in a Pentium-based Linux environment.
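An added illustration of the approach the abstract describes, not the paper's SASS prototype: a toy Python scanner over constructed GCC-style x86 assembly that records the domain of each pushed argument (a fixed-size local buffer or a caller parameter), summarises each function by which of its parameters reach an unbounded copy, and iterates the summaries to a fixpoint so that a local buffer handed through a wrapper function is still reported. The library summary table, the assembly snippet and the handful of mnemonics handled are assumptions made for the example.

```python
import re

# Constructed GCC-style AT&T x86 assembly (not from the paper; prologues omitted): copy_in() forwards its first parameter to strcpy(), main() passes it a 64-byte local.
ASM = """copy_in:
    pushl 12(%ebp)
    pushl 8(%ebp)
    call strcpy
main:
    subl $64, %esp
    pushl 12(%ebp)
    leal -64(%ebp), %eax
    pushl %eax
    call copy_in"""

# Assumed library summaries: index of the parameter whose buffer receives an unbounded copy.
LIB_SUMMARY = {"strcpy": {0}, "strcat": {0}, "gets": {0}, "sprintf": {0}}

def scan(name, body, summaries):
    """Track each pushed argument's domain and check it at every call; returns (findings, this function's summary)."""
    regs, args, findings, sinks = {}, [], [], set()
    for mn, ops in body:
        if mn == "leal" and (m := re.match(r"-(\d+)\(%ebp\), (%\w+)$", ops)):
            regs[m[2]] = ("stack", int(m[1]))           # address of an N-byte local buffer
        elif mn == "pushl":                              # arguments are pushed right to left
            m = re.match(r"(\d+)\(%ebp\)$", ops)         # 8(%ebp) is param 0, 12(%ebp) param 1
            args.insert(0, ("param", (int(m[1]) - 8) // 4) if m else regs.get(ops))
        elif mn == "call":
            for i in summaries.get(ops, ()):
                dom = args[i] if i < len(args) else None
                if dom and dom[0] == "stack":
                    findings.append(f"{name}: {dom[1]}-byte stack buffer reaches unbounded copy via {ops}() arg {i}")
                elif dom and dom[0] == "param":
                    sinks.add(dom[1])                    # the danger flows up to our caller
            args = []
    return findings, sinks

def analyze(asm):
    funcs, cur = {}, None                                # function label -> [(mnemonic, operands)]
    for line in (l.strip() for l in asm.splitlines() if l.strip()):
        if line.endswith(":"):
            cur = line[:-1]; funcs[cur] = []
        else:
            mn, _, ops = line.partition(" "); funcs[cur].append((mn, ops.strip()))
    summaries = dict(LIB_SUMMARY)
    while True:                                          # recompute summaries until they stop changing
        new = {n: scan(n, b, summaries)[1] for n, b in funcs.items()}
        if all(summaries.get(n, set()) == s for n, s in new.items()):
            return [f for n, b in funcs.items() for f in scan(n, b, summaries)[0]], summaries
        summaries.update(new)
```

Running `analyze(ASM)` reports the 64-byte buffer in `main`, because the computed summary of `copy_in` says its parameter 0 reaches `strcpy`.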
