DocumentCode
143686
Title
The cost of preventing a buffer overflow
Author
Gordonov, Anatoliy S.
fYear
2014
fDate
3-5 April 2014
Firstpage
1
Lastpage
4
Abstract
In the paper we have considered the main methods of buffer overflows, mitigation strategies, and their influence on the memory consumption. The analysis of various methods of stack protection has given us an estimate of the additional memory required for the implementation of specific techniques. The size of the additional memory depends on many factors including computer architecture, OS environment, programming languages used to create the program. For the protection methods considered in the paper, the cost may vary from the insignificant amount for prevention purposes, based on the careful analysis of input data in the program, to the use of Guard Pages when extra memory may include additional pages of the memory. In many cases developers have to use various mitigation strategies in order to make programs less vulnerable to buffer overflows. The main contribution of this paper is the analysis and evaluation of the additional memory required for the various methods of protection from buffer overflow. The current paper allows readers to understand the cost of these methods more clearly, which, in turn, will result in more efficient and secure programs. The results of this paper are useful for both software developers and the instructors who teach methods of secure programming.
Keywords
buffer storage; computer architecture; operating systems (computers); programming languages; OS environment; buffer overflow; computer architecture; extra memory; guard pages; memory consumption; mitigation strategy; prevention purpose; programming languages; protection method; secure programming; software developers; stack protection; Buffer overflows; Instruction sets; Libraries; Memory management; Security; buffer overflows; memory consumption; mitigation strategies;
fLanguage
English
Publisher
ieee
Conference_Titel
American Society for Engineering Education (ASEE Zone 1), 2014 Zone 1 Conference of the
Conference_Location
Bridgeport, CT
Print_ISBN
978-1-4799-5232-8
Type
conf
DOI
10.1109/ASEEZone1.2014.6820627
Filename
6820627