DocumentCode
1935595
Title
AIFD: A Runtime Solution to Buffer Overflow Attack
Author
Han, Hong ; Lu, Xian-Liang ; Ren, Li-Yong ; Chen, Bo ; Yang, Ning
Author_Institution
Univ. of Electron. Sci. & Technol. of China, Chengdu
Volume
6
fYear
2007
fDate
19-22 Aug. 2007
Firstpage
3189
Lastpage
3194
Abstract
While the buffer overflow problem has been known for a long time, it continues to present a serious security threat. Many solutions to this notorious problem have been proposed. However, they have their own drawbacks. This paper presents a solution called API invocation fingerprint detection (AIFD) to eliminate overflow vulnerability with very low performance penalty. The solution is API-hook-based and does not require compiler extensions or operating system kernel patches. Unlike other API-hook-based solutions, which in certain cases will not discover that system calls are actually invoked by malicious code, AIFD works well in those cases. With it, protected programs will not yield control to the exploitation code, but rather enter a fail-safe state. In this paper, we present the principle of buffer overflow attacks, implementation details of AIFD, and experimental results of both penetration resistance and the performance impact of this solution.
Keywords
application program interfaces; buffer storage; fingerprint identification; operating system kernels; program compilers; security of data; API invocation fingerprint detection; API-hook-based solutions; buffer overflow attack; operating system kernel; program compiler; Buffer overflow; Cybernetics; Educational institutions; Fingerprint recognition; Intrusion detection; Kernel; Machine learning; Operating systems; Protection; Runtime; AIFD; API hook; Buffer overflow attack;
fLanguage
English
Publisher
ieee
Conference_Titel
Machine Learning and Cybernetics, 2007 International Conference on
Conference_Location
Hong Kong
Print_ISBN
978-1-4244-0973-0
Electronic_ISBN
978-1-4244-0973-0
Type
conf
DOI
10.1109/ICMLC.2007.4370697
Filename
4370697