This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Buffer overflows plays a vital role in 'C' programming. Buffer overflow vulnerabilities are one of the most security issues. The buffer overflow will occur when a programmer failed to bounds identify when writing data into unchanging size buffer. This report contains the buffer vulnerabilities and attacks also tell us that the buffer overflow defensive measures against buffer overflows.
Most of the software system like operating systems and system software are developed with 'C' programming. Linux and Sun solaris systems are written in 'C' programming. The internet services like e-mail, World Wide Web and domain name system are implemented in 'C'. In 'C' data which is taken as input is collected and stored into arrays. The allocation and de-allocation of arrays are being done during the run-time without any programmer help.
This process is not fine when stack arrays are vulnerable to buffer overflow attacks. Now, stack buffer overflows becomes most common form of security vulnerability in 'C' programming.
Buffer overflows may appear, if we want to store data more than the fixed size. Buffer overflows in 'C' programming may occur due to the lack of null characters at end of buffers, function calls in 'C', logical errors, by accessing buffer through pointers and insufficient checks before accessing buffers in program code.
The above figure depicts the buffer overflow in 'C' programming. The buffer in the above program is in the form of function called foo. The size of the buffer is 16 i.e. buf to buf. The ending address location of buffer is replaced with a variable called var1 and followed stack frame pointer and the return address (ret) of function 'foo' in figure 2.
The "ret" tells us that store the next instruction in memory location and read that instruction after the function is executed. A "Buffer Overflow" is occurred during the process of reading writing procedure.
BUFFER OVERFLOW VULNERABLITIES AND ATTACKS
The Buffer Overflows has become the most common form of security for the past few years. The buffer overflows vulnerability create some serious errors in piece of software, simply allow attackers to overflow data buffers that leads to corruption of variables. To attack the program code, the attacker must satisfy the following operations.
The program's address space must contain the suitable code.
The program needs to jump that code, by allocating parameters into registers and memory.
There are many ways to arrange suitable code to be in the program's address space.
There are mainly two ways to achieve this process. Firstly, Inject it and Secondly, Use the code which is already present.
The attacker provides one string as input to program and store it into buffer. The string contains the bytes of information that is being checked. The victim's buffer used by an attacker is use save the attacker code. Some disturbances are present in this method.
The attacker does not having the access to overflow any buffers to do this.
The buffer can be present any where
On the stack (automatic variables)
On the head ( malloc'd variables)
In the static data are (initialized or uninitialized)
It is already there
Means that, the required code for attacker is already present in the program's address space. The attacker needs only to be parameterized the code and then the program to jump to it.
There are mainly 2 ways to cause the program to jump to the attacker's code. They are as follows. There are many factors present along with buffer overflow attacks is the kind of state corrupted and where in the memory layout the state is located.
The activation record on stack contains the return address which is used for jump that required code. This process is done when the function is called each time. The attacker causes the program to jump to code by corrupting the return address in activation record. The following figure depicts the activation record example.
Fig 3: Buffer Overflow attack against Activation record
This form of attack is known as "Stack Smashing Attack" and cause majority of buffer overflows.
II. Function pointers
Function pointers can be allocated in anywhere areas like stack, heap, and static data area. Overflow of function pointer give a chance to jump the code. Sometimes, the code is jump to attacker's required location when a program makes a call through the function pointer. This type of attack occurred in superprobe program for Linux.
III. Long Jump Buffers
'C' language contain some type of simple check point/roll back procedure called setjmp/longjmp. The "setjmp" is used for checkpoint and "longjmp" is used to go back to check point. The attacker can corrupts the status of the buffer. Then, code is jumps to the attackers code instead when the longjmp(buffer) is executed. Like the function points, the long jump buffers are also located in any areas. So, that the attacker can find a overflowable adjacent buffer. This type of attack appeared against perl 5.003.
BUFFER OVERFLOW DEFENCES
There are mainly 4 types of methods are present to defending buffer overflow vulnerabilities and attacks. They are as follows.
The brute force method of writing correct code is written in section 1.
The operating system procedure is explained in section 2.
The direct compiler approach is presented in section 3.
The indirect compiler approach is presented in section 4.
The array bound checking is presented in section 5.
SECTION 1 - Writing Correct Code
Writing the correct code is impressive but it is little bit expensive and mainly when writing in languages like 'C'. 'C' has performance factors in writing the correct code. There are many rules and syntaxes are present to write the correct code. Instead of that, there are many tools and techniques are present to write the correct code lower buffer overflow vulnerabilities. There are vulnerable functions are present in 'C' like strcpy and sprint in 'C' standard library. The buffer overflow vulnerabilities and file system race conditions can also be obtained by using the code auditing team.
Here, the buffer overflow vulnerabilities are "Understated" means the 'strcpy' and 'sprintf' are also contains the buffer overflow vulnerabilities. To avoid these problems, the more advanced debugging tools came into existence. They are fault injection tools. The main thought behind this approach is inject the needy buffer overflows to identify the vulnerable programs. There are also static analysis tools present to detect many buffer overflows vulnerabilities.
The above mentioned tools are helpful in writing secure programs. These are not having 100% success rate, means that they minimize the security vulnerabilities but, there is no guarantee that these debugging techniques can remove all the buffer overflow vulnerabilities.
SECTION 2 - Non Executable Buffers
This is the process of making the victim's data segment of address space is non-executable. Avoiding the attacker to execute the code which is present in the victim's address space. This process of non-executable process is already used in older systems. But, now days, the systems like UNIX and MS Windows came with a procedure like dynamic code into data segments.
However, one can preserve program compatibility by making the stack segment non-executable. These are mainly two exceptional cases are present in Linux where executable code must be placed on stack.
This process of non-executable stack segment gives protection against attack like injecting code into automatic variables. There is no assurance that it eliminates all other attacks.
SECTION 3 - Array Bounds Checking
The Array Bound Checking is best approach to stop completely buffer overflow vulnerabilities and attacks rather than non-executable buffers. To develop the Array Bound Checking procedure, first of all, we need to note down all the read and write operations performed on the array within range. The direct procedure for doing this process is to check "all" array references. There are many methods to implement array bounds checking. Some of they are
3.3.1 Compaq C Compiler
The "_check_bounds" is used for Compaq C Compiler for the Alpha CPU in which supports limited form of array bounds checking. The bound checking is limited in the following ways.
Only explicit array references are needs to checked i.e. b is checked while "+ (b+4)" is used.
The subroutines are need not be checked.
The library functions like strcpy are also need to be checked.
This process is not fare because of limitation on array bound checking.
3.3.2 Jones&Kelly: Array Bounds Checking for "C"
Richard Jones and Paul Kelly introduce a new method for array bound checking called 'gcc' path. Gcc modules are compatible with compiled 'C' programs because of no change in pointers. Rather than that from every pointer expression they derive a base pointer and identifies that pointer to determine whether the given expression is within the bounds or not. This process is slow down the performance.
3.3.3 Purify: Memory Access Checking
A well known tool to identify all memory usages is purify. It is a debugging tool for 'C' programming. The arrays references are checked by getting the standard native executable program using purify. It is also slow down the performance and it is too expensive i.e. $5000 per copy.
3.3.4 Type Safe Language
Because of lack of type safety in 'C', the buffer overflow vulnerabilities are occurred. Simply means that, it is better to write code in language like Java or ML. It ensures beneficiary results.
SECTION 4 - CODE POINTER INTEGRITY CHECKING
This method is totally different from the array bounds checking. Here, the code pointer going to be corrupted before it is used. If, the attacker corrupts code pointer, the corrupted code pointer is never be used because, before using this, the corruption is going to be detected. This process has a disadvantage that it doesn't solve the problem of buffer overflows. The advantage of using this is it increases performance compatibility with existing code. It can be used at 3 different levels. They are
Hand coded stack Introspection
Stack Guard: Compiler generated Activation Record Integrity Checking
Point Guard: Compiler -Generated code Pointer Integrity checking.
SECTION 5 - COMPATABILITY AND PERFORMANCE CONSIDERATIONS
The disadvantage of the code pointer integrity checking is that it doesn't surely solve the problem of buffer overflows. But, in terms of performance and compatibility with the code and implementation effort as follows.
For each and every array element read or write the bounds checking must perform check and when a code pointer is dereference, every time, the code pointer integrity checking must perform check. In 'C' programming language, array references cause less overhead.
The difficulty with the 'C' semantics is that determining the bounds of an array.
SECTION 6 - EFFECTIVE COMBINATIONS
Comparing the Buffer overflow attacks and vulnerabilities with defensive measures gives us the solution to eliminate the buffer overflow problem. Combinations of these techniques will eliminate the buffer overflow problem. The following table shows that, buffer overflow attacks and defences.
Table 1: Buffer Overflow Attacks and Defences
In each cell, the combination of different defensive measures will give the effective manner of elimination of buffer overflow problem.[a]
In this short report, buffer overflow vulnerabilities, attacks and defences are analyzed. The combination of buffer overflow defensive measures will give good results. Stack guard defence and non-executable defence will serve to overcome the many buffer overflow attacks. Point guard defence will address the rest of the buffer overflow attacks.