This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This paper proposes the buffer overflow attack, one of the most serious vulnerability issue concerned with the cyber security. This is a dominant tool for abusers in the internet; in addition recent with rapidly growing internet and security threads, worms are being whipped up and executed using buffer overflow vulnerability. The intend of this paper is to provide logical interpretation and factors about the inconvenience caused by buffer overflow along with its trends, types and research about how they are handled in the future, that can be understood by all with assuming that brief background of IT and computing methodology of applications, along with its trends and the future of them. We will initiate by glancing at mandatory information of the buffer overflow, then examine the trends and after investigating the avoidance approaches for buffer overflow. It is then discussed that even with the modern technology and safer system buffer overflow is still occurrence & causes troubles to applications and systems.
In computing technology and security circles, an inconsistency referred as buffer overflow and malicious nature of buffer-overflow attacks treated as the most common instance of security vulnerabilities and also has become identical with vulnerabilities (Foster et al, 2005). Buffer overflow is a confirmation of misconception in formulating, designing as well as implementing secure codes. In computer programming, while the data is being written to a buffer, it gets overflow by crossing the barrier and then overwrites to adjoining memory localities. Buffer overflow is by a outcome of awfully constructed and executed programs. Buffer overflow can introduce rapidly through the firewall of newly revised anti-virus software even though in the entirely patched secured environment. Blunders caused by the buffer overflow enables the code to overwrite memory slots apart from the limits of the buffer by making distortion of the buffer space of the code and causes execution of placed code according to the request (Rinard et al, 2004).
Trends in buffer overflow attacks
From couple of years, the buffer overflow attacks have been giving rise to serious computing and security inconveniences. Following figure 1 exhibits the percentage of total vulnerabilities meeting with years. Most of the problems are usually caused by the buffer overflow attacks, and this percentage is still rising with time. Most recent instance includes the Code Red, Code Red II plus their variations, which reveals the recognized buffer overflow impressionabilities in the Microsoft Index Service DLL. Whereas in 2003, bladder worms like Sapphire and MSBlaster causes system failure by employing buffer overflow attack (Shao et al., 2007).
For the year 2002, more than 50% of vulnerabilities are belonged to the buffer overflow, whereas for besides years 60 % of vulnerabilities were produced by buffer overflow blunders in programs (Pfleeger et al, 2003).
Why buffer overflow attacks occur?
In buffer overflow attacks that inserted unwanted data may consist of such codes, which are specifically plot to achieve specific activity in order to attack victimââ‚¬â„¢s system by damaging the system files, modifying the user data, or shedding secured information. So buffer overflow may take place anytime, as because when the current program is proceeding to write more information into the space of buffer more than allotted space in the memory. Consequently, the attackers use this to overwrite their own untrustworthy, code other than primary code to crash the target system (Wutang, 2001)
Most time, the attacker wants to change, transform or take off this wise information from the system or in some cases they want to crash down the entire system of the target. The total accountability to achieve an accurate program is on the computer programmer and not on the compiling program, so execution of any undesired inserted code may damage the system. Throughout execution, pointer arithmetic operations allow to get access by program to use content of the buffer space, and such criminal entrance may cause modification of very important information closer the content of memory and also the return address (Kim et al, 2009). This buffer overflow causes damages to the general-purpose system & also having an ability to penetrate to the special purpose embedded system; such systems are used in trading application as well as in military, so invulnerability has become the most significant circumstance for any system. A number of embedded controllers are used in aircraft, tankers and some special and secure embedded components are used in atomic plants. So by using buffer overflow attack, an attacker could cause spectacular destructions. Hence, attacker yields command of the system, and capable to modify the required information. So buffer overflow attack is a serious problem in case of security for all kinds of software and computer programming and that is why they are still happening (Shao et al, 2007)..
How buffer overflow occur?
Corrupting the stack is the mainly common assaulting approach of buffer overflow. For passing arguments to the procedure and containing local variables a stack is used. A stack is a LIFO (Last In First Out) buffer, and a new Stack Frame is produced every time when a code begins implementing a function. Such frames include arguments, which furthermore used to pass to function and to the space of local variable as well. The stack pointer is used to store current memory location of the top of the stack where as local variables can be address more comfortably because a frame pointer is used since the stack consisting continuously varying values situated forthcoming to the beginning of the stack frame. Later that the return address is kept on the stack for calling main function and this is the beginning of stack overflow, as because overflowing of a local variable can alter the return address which enables the attacker to insert and execute their data or specific function (Brien, 2005)
Types Of Overflows
5.1 Stack Overflow:
In stack overflow situation, the buffer overwritten to another buffer that is set aside on the stack by means of local variables or replace by a parameter to a function (Ogorkiewicz, 2004).
5.2 Heap Overflow:
In heap overflow situation, the buffer being overwritten to another buffer that is allotted in the heap quota of the memory (Dalci, 2008).
How they are handled in future?
In future all the methods will not be able to claim to stop all practicable attacks, but these methods surely have an ability to fall off the chances of attacks.
6.1 Write secure code:
Clearly in buffer overflows, buffer space is being replaced by undesired stuffed code. In case of C programming, the programmer uses library functions like strcat(), strcpy(), vsprintf() & sprint() which operate on null terminated strings and perform no bound inspection. Furthermore, get() is a library function used to read inputs by the user until a terminating new line is establish. In addition scanf() function also may cause for the buffer overflow. Therefore, it is safe to prevent this buffer overflow to happen in the beginning of the code. For this the programmer should have enough understanding about minimizing the usage of such vulnerable library functions. (Grover, 2003)
6.2 Stacks execute invalidation:
In stack overflow execution the untrustworthy code as an input to the program causes the modification of stack by alterations in the code section. So it turns out to be too simple to handle this by making invalidation the stack for execution of any instruction. Whenever the program code is being achieved, the functions allow making changes in stack and this causes a segmentation disruption. So the solution is becoming difficult to implement. In case of Linux, it is practicable if an improved version of Linux kernel is available, which doesnââ‚¬â„¢t require the stack to be executable. (Arora, et al, 2006).
6.3 Dynamic run-time checks:
Here the applications are not permitted to get access in order to lower the chances of attacks. In this method, before the execution of actual application, the secure code is carried out. This is because it provides the guarantee about the going back address is not being altered and supply safe execution of library functions. This method is archived with the help of libsafe family of library function. This function goes with the frame pointer to correct the stack frame for the time of buffer passing as an argument to any function. And when the function is executed libsafe inspects the return address by means of checking the distance, and it ensures that the return address is remaining the same.
6.4 Avoid using library files included with the compiler.
It is common to use library files by including with the program code. If the attacker knew a weakness of a certain library file, any programing code that associated with that file also has the same weakness. Hence the attacker begins to try to damage known weaknesses used in common library files in order to damage any application. For the C++ programming language the newer compiler uses to add more securely composed library files for secure coding as compared to old programming languages (Thomas, 2011).
6.5 Qualify All User Input
In any application of programming code it is required to qualify all user input that the input string length is valid. If the program can handle 20 characters and this character string is already added to the data, and if the new use permits inserting more than 20 characters then there are probabilities of errors of overflow. So to avoid such cases the input user string should be qualified by comparing with the allowed space by already added string (Posey, 2005).
6.6 Test Applications
In addition to the methods of writing, checking and qualifying, this is most important and essential method for preventing from the vulnerability of buffer overflow. Even after writing a good and secure programming code, the program has to be tested thoroughly. The programmer should able to test his code and able to find any errors if more than enough string is inputted. Therefore application testing is very important prior to deployment (Hinckley, 2000).
Why They Are Still Happening?
Hand S. an Austrian security vendor has found a vulnerability in Windows Vista, in which a buffer overflow is occur rooted in the device IO control. This Device IO Control having an ability to cope with internal device communication. So this allows the cyberpunks to execute malevolent code to crash it down. Furthermore, researchers have been found that such attack could corrupt the memory slots allotted to the kernel of the operating system. Since the network input/output malicious demands of the operating systems, iphlpapi.dll API is generated which causes blue-screen-of-death. Since the infection is at the code to rootkit of the operating systems causes the vulnerability at the kernel level and allows the attacker to get the control of the machine. The buffer overflow is still happening because, most time the user allows to system to check and install new security updates. The installation of service packs or any security updates doesnââ‚¬â„¢t cause any effect to crash the operating system. In order to make changes and apply these downloaded updates the system user has to be part of the Network Configuration Operators Administrator Group. Here if this buffer overflow causes changes and overwrites the memory allocated for the kernel, then there is a possibility that the members of the administrator group exploit and take full control of the machine without any permission (Oiaga, 2008).
From a long time, buffer overflow is the most common vulnerability in which the attackers exploit this drawback of the programming for the execution of hostile malicious code on target systems by contaminating, modifying or shedding important information as well as returning address of the programming code. Because of growth of such attacks buffer overflow gets highest priority in security aspects. As a computer programmer, the most important thing is to be knowledgeable of these offensives and be updated as well as keep the system patched securely.