Title :
Making the kernel responsible: a new approach to detecting & preventing buffer overflows
Author :
Speirs, William R.
Author_Institution :
Adv. Technol. Res. Center, SYTEX Group Inc., Vienna, VA, USA
Abstract :
This paper takes the stance that the kernel is responsible for preventing user processes from interfering with each other, and the overall secure operation of the system. Part of ensuring overall secure operation of the computer is preventing buffers in memory from having too much data written to them, overflowing them. This paper presents a technique for obtaining the writable bounds of any memory address. A new system call for obtaining these bounds, ptrbounds, is described that implements this technique. The system call was implemented in the Linux 2.4 kernel and can be used to detect most buffer overflow situations. Once an overflow has been detected it can be dealt with in a number of ways, including to limit the amount of information written to the buffer. Also, a method for accurately tracking the allocation of memory on the stack is proposed to enhance the accuracy of the technique. The intended use of ptrbounds is to provide programmers with a method for checking the bounds of pointers before writing data, and to automatically check the bounds of pointers passed to the kernel.
Keywords :
buffer storage; checkpointing; operating system kernels; security of data; storage allocation; Linux 2.4 kernel; buffer overflow detection; buffer overflow prevention; data writing; memory address; memory allocation; memory buffers; pointer bound checking; Buffer overflow; Computer science education; Computer security; Computer worms; Hardware; Kernel; Libraries; Operating systems; Programming profession; Writing;
Conference_Titel :
Information Assurance, 2005. Proceedings. Third IEEE International Workshop on
Print_ISBN :
0-7695-2317-X
DOI :
10.1109/IWIA.2005.10
