Sciweavers

USS
2004

TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection

14 years 1 months ago
TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection
Buffer overflow exploits make use of the treatment of strings in C as character arrays rather than as first-class objects. Manipulation of arrays as pointers and primitive pointer arithmetic make it possible for a program to access memory locations which it is not supposed to access. There have been many efforts in the past to overcome this vulnerability by performing array bounds checking in C. Most of these solutions are either inadequate, inefficient or incompatible with legacy code. In this paper, we present an efficient and transparent runtime approach for protection against all known forms of buffer overflow attacks. Our solution consists of two tools: TIED (Type Information Extractor and Depositor) and LibsafePlus. TIED extracts size information of all global and automatic buffers defined in the program from the debugging information produced by the compiler and inserts it back in the program binary as a data structure available at runtime. LibsafePlus is a dynamic library whic...
Kumar Avijit, Prateek Gupta, Deepak Gupta
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where USS
Authors Kumar Avijit, Prateek Gupta, Deepak Gupta
Comments (0)