
Efficient Buffer-Overflow Prevention Technique Using Binary Rewriting

Korean title: An Effective Buffer Overflow Prevention Technique Using Binary Code Transformation

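  • 김윤삼 (Department of Computer Science, Chungbuk National University) ;
  • 조은선 (School of Electrical and Computer Engineering, Chungbuk National University)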
  • Published : 2005.06.01

Abstract

Buffer overflow is one of the most prevalent and critical internet security vulnerabilities. Various methods to prevent buffer overflow attacks have recently been investigated, but they remain difficult to apply to real applications because of their run-time overhead. This paper proposes an efficient rewriting method that prevents buffer-overflow attacks at lower cost by generating a redundant copy of the return address in the stack frame and comparing the return address with that copy. So that attack data cannot overwrite it, the new copy is placed at a lower address than the local buffers. In addition, for a safer execution environment, every vulnerable function call is transformed during the rewriting procedure.

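Buffer overflow attacks are among the most common and most dangerous vulnerabilities. Much research has recently gone into preventing them, but the overhead incurred at run time makes these methods hard to apply. This paper proposes a method that transforms the user-defined functions in a binary file so that a copy of the return address is stored in a specific region of the stack, rewrites the string functions that are at risk of attack, and, when a rewritten function exits, detects overflow attacks by comparing the return address with the copied return address and by comparing the ebp register value.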
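The check the abstract describes, as an added example that is not the paper's rewriter: a C simulation of one stack frame in which a redundant return-address copy sits below the local buffer and the epilogue compares it with the live value. The frame layout, the saved-ebp copy, the function names and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated 32-bit frame, lowest address first. Layout is an assumption
 * modelled on the abstract: the copies sit below the local buffer. */
enum { OFF_RET_COPY = 0, OFF_EBP_COPY = 4, OFF_BUF = 8, BUF_LEN = 16,
       OFF_SAVED_EBP = OFF_BUF + BUF_LEN, OFF_RET = OFF_SAVED_EBP + 4,
       FRAME_LEN = OFF_RET + 4 };
enum verdict { FRAME_OK = 0, RET_MISMATCH = 1, EBP_MISMATCH = 2 };

static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static uint32_t get32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Rewritten prologue: store the control data, then the redundant copies. */
static void prologue(uint8_t *frame, uint32_t ret, uint32_t ebp) {
    memset(frame, 0, FRAME_LEN);
    put32(frame + OFF_RET, ret);
    put32(frame + OFF_SAVED_EBP, ebp);
    put32(frame + OFF_RET_COPY, ret);
    put32(frame + OFF_EBP_COPY, ebp);
}

/* Models an unchecked string copy into the local buffer. It writes toward
 * higher addresses and is clamped to the simulated frame to stay memory-safe. */
static void unchecked_copy(uint8_t *frame, const uint8_t *src, size_t n) {
    size_t room = FRAME_LEN - OFF_BUF;
    memcpy(frame + OFF_BUF, src, n < room ? n : room);
}

/* Rewritten epilogue: compare live values with the copies before returning. */
static enum verdict epilogue_check(const uint8_t *frame) {
    if (get32(frame + OFF_RET) != get32(frame + OFF_RET_COPY)) return RET_MISMATCH;
    if (get32(frame + OFF_SAVED_EBP) != get32(frame + OFF_EBP_COPY)) return EBP_MISMATCH;
    return FRAME_OK;
}

/* Run one call with n bytes (at most 64) of constructed input. */
static enum verdict simulate_call(size_t n) {
    uint8_t frame[FRAME_LEN], input[64];
    memset(input, 'A', sizeof input);
    prologue(frame, 0x08048123u, 0xbffff6a8u); /* constructed sample values */
    unchecked_copy(frame, input, n);
    return epilogue_check(frame);
}

int main(void) {
    printf("%d %d %d\n", simulate_call(12), simulate_call(20), simulate_call(24));
    return 0;
}
```

Because the copy runs upward from the buffer, the redundant values at the bottom of the frame are never touched, so any write past the buffer shows up as a mismatch at function exit.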
