Automatically Fixing C Buffer Overflows Using Program Transformations

Author

Shaw, Alex ; Doggett, Dusten ; Hafiz, Munawar

Author_Institution

Auburn Univ. Auburn, Auburn, AL, USA

fYear

2014

fDate

23-26 June 2014

Firstpage

124

Lastpage

135

Abstract

Fixing C buffer overflows at source code level remains a manual activity, at best semi-automated. We present an automated approach to fix buffer overflows by describing two program transformations that automatically introduce two well-known security solutions to C source code. The transformations embrace the difficulties of correctly analyzing and modifying C source code considering pointers and aliasing. They are effective: they fixed all buffer overflows featured in 4,505 programs of NIST´s SAMATE reference dataset, making the changes automatically on over 2.3 million lines of code (MLOC). They are also safe: we applied them to make hundreds of changes on four open source programs (1.7 MLOC) without breaking the programs. Automated transformations such as these can be used by developers during coding, and by maintainers to fix problems in legacy code. They can be applied on a case by case basis, or as a batch to fix the root causes behind buffer overflows, thereby improving the dependability of systems.

Keywords

C language; public domain software; security of data; source code (software); source coding; C source code; MLOC; NIST SAMATE reference dataset; automatic C buffer overflow fixing; legacy code; million lines of code; open source programs; program transformations; security solutions; source coding; Algorithm design and analysis; Arrays; ISO standards; Libraries; Manuals; Security; buffer; dependability; overflow; security;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on

Conference_Location

Atlanta, GA

Type

conf

DOI

10.1109/DSN.2014.25

Filename

6903573