Abstract

The presence of buffer overflow (BOF) vulnerabilities in programs undermines essential security objectives such as confidentiality, integrity and availability. In particular, exploitation of BOF vulnerabilities might lead to many unwanted consequences, including denial of service through program crash, control flow hijacking, and corrupted program state. When BOF vulnerabilities are detected, they need to be patched before the software is redeployed. Automatic source-level patching of vulnerabilities faces the challenges of finding a set of general rules and applying them consistently without introducing side effects into the intended software. This paper proposes a set of general rules to mitigate BOF vulnerabilities in C/C++ programs. In particular, we developed a set of rules to identify vulnerable code and to make that code free of the vulnerability. The proposed rule-based approach addresses both simple (one statement) and complex (multiple statements) forms of code that can be vulnerable to BOF, ranging from unsafe library function calls to pointer usage in control flow structures (loops and conditional statements). We evaluated the proposed approach using two publicly available benchmarks and a number of open source C/C++ applications. The results show that the proposed rules can not only identify previously known BOF vulnerabilities, but also find new vulnerabilities. Moreover, the patching rules impose negligible overhead on the application.
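The two code forms the abstract names, an unsafe library call in one statement and pointer usage inside a loop, are shown here as an added illustration that is not taken from the paper. The function names and the particular bounded rewrites are assumptions chosen for this example, not the paper's rules.

```c
#include <stddef.h>
#include <string.h>

/* Simple form (one statement), kept as the "before": an unbounded library
 * call that writes past dst whenever strlen(src) >= the size of dst. */
void copy_unsafe(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Patched simple form (assumed rewrite): the destination size is passed in,
 * the copy truncates and always NUL-terminates.
 * Returns 0 on a full copy, -1 on truncation or bad arguments. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t n;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    n = strlen(src);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Complex form (multiple statements), kept as the "before": a pointer is
 * advanced in a loop whose exit condition depends only on the source data. */
void upto_comma_unsafe(char *dst, const char *src) {
    while (*src != '\0' && *src != ',')
        *dst++ = *src++;
    *dst = '\0';
}

/* Patched complex form (assumed rewrite): the loop condition also checks the
 * write pointer against the end of dst, leaving room for the terminator.
 * Returns the number of bytes copied, excluding the terminator. */
size_t upto_comma_bounded(char *dst, size_t dst_size, const char *src) {
    char *p = dst;
    char *end;
    if (dst == NULL || src == NULL || dst_size == 0) return 0;
    end = dst + dst_size - 1;
    while (p < end && *src != '\0' && *src != ',')
        *p++ = *src++;
    *p = '\0';
    return (size_t)(p - dst);
}
```

Both rewrites need the destination size at the call site, so a source-level patch has to recover it from the declaration or thread it through as a parameter.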
