Making the kernel responsible: a new approach to detecting & preventing buffer overflows

Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI:10.1109/IWIA.2005.10

William R. Speirs

{"title":"Making the kernel responsible: a new approach to detecting & preventing buffer overflows","authors":"William R. Speirs","doi":"10.1109/IWIA.2005.10","DOIUrl":null,"url":null,"abstract":"This paper takes the stance that the kernel is responsible for preventing user processes from interfering with each other, and the overall secure operation of the system. Part of ensuring overall secure operation of the computer is preventing buffers in memory from having too much data written to them, overflowing them. This paper presents a technique for obtaining the writable bounds of any memory address. A new system call for obtaining these bounds, ptrbounds, is described that implements this technique. The system call was implemented in the Linux 2.4 kernel and can be used to detect most buffer overflow situations. Once an overflow has been detected it can be dealt with in a number of ways, including to limit the amount of information written to the buffer. Also, a method for accurately tracking the allocation of memory on the stack is proposed to enhance the accuracy of the technique. The intended use of ptrbounds is to provide programmers with a method for checking the bounds of pointers before writing data, and to automatically check the bounds of pointers passed to the kernel.","PeriodicalId":247477,"journal":{"name":"Third IEEE International Workshop on Information Assurance (IWIA'05)","volume":"116 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Third IEEE International Workshop on Information Assurance (IWIA'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIA.2005.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

This paper takes the stance that the kernel is responsible for preventing user processes from interfering with each other, and the overall secure operation of the system. Part of ensuring overall secure operation of the computer is preventing buffers in memory from having too much data written to them, overflowing them. This paper presents a technique for obtaining the writable bounds of any memory address. A new system call for obtaining these bounds, ptrbounds, is described that implements this technique. The system call was implemented in the Linux 2.4 kernel and can be used to detect most buffer overflow situations. Once an overflow has been detected it can be dealt with in a number of ways, including to limit the amount of information written to the buffer. Also, a method for accurately tracking the allocation of memory on the stack is proposed to enhance the accuracy of the technique. The intended use of ptrbounds is to provide programmers with a method for checking the bounds of pointers before writing data, and to automatically check the bounds of pointers passed to the kernel.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

使内核负责:一种检测和防止缓冲区溢出的新方法

本文认为内核负责防止用户进程之间的相互干扰，保证系统的整体安全运行。确保计算机整体安全运行的一部分是防止内存中的缓冲区写入过多的数据，使其溢出。本文提出了一种获取任意存储器地址可写边界的技术。描述了一个用于获取这些边界的新系统调用ptrbounds，它实现了这种技术。这个系统调用是在Linux 2.4内核中实现的，可以用来检测大多数缓冲区溢出情况。一旦检测到溢出，可以用多种方法处理，包括限制写入缓冲区的信息量。同时，提出了一种精确跟踪堆栈上的内存分配的方法，以提高该技术的准确性。ptrbounds的预期用途是为程序员提供一种在写入数据之前检查指针边界的方法，并自动检查传递给内核的指针边界。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Third IEEE International Workshop on Information Assurance (IWIA'05)

自引率

0.00%

发文量