Title :
Automatically Fixing C Buffer Overflows Using Program Transformations
Author :
Shaw, Alex ; Doggett, Dusten ; Hafiz, Munawar
Author_Institution :
Auburn Univ. Auburn, Auburn, AL, USA
Abstract :
Fixing C buffer overflows at source code level remains a manual activity, at best semi-automated. We present an automated approach to fix buffer overflows by describing two program transformations that automatically introduce two well-known security solutions to C source code. The transformations embrace the difficulties of correctly analyzing and modifying C source code considering pointers and aliasing. They are effective: they fixed all buffer overflows featured in 4,505 programs of NIST´s SAMATE reference dataset, making the changes automatically on over 2.3 million lines of code (MLOC). They are also safe: we applied them to make hundreds of changes on four open source programs (1.7 MLOC) without breaking the programs. Automated transformations such as these can be used by developers during coding, and by maintainers to fix problems in legacy code. They can be applied on a case by case basis, or as a batch to fix the root causes behind buffer overflows, thereby improving the dependability of systems.
Keywords :
C language; public domain software; security of data; source code (software); source coding; C source code; MLOC; NIST SAMATE reference dataset; automatic C buffer overflow fixing; legacy code; million lines of code; open source programs; program transformations; security solutions; source coding; Algorithm design and analysis; Arrays; ISO standards; Libraries; Manuals; Security; buffer; dependability; overflow; security;
Conference_Titel :
Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on
Conference_Location :
Atlanta, GA
DOI :
10.1109/DSN.2014.25
