dc.description.abstract |
Buffer overflows are unintentional accesses to memory outside the intended object. In recent years, buffer overflow attacks have become the most prevalent technique used to hack both remote and local computer systems. The main reason this kind of attack is so widespread is that much software, including many operating systems, is written in C. C is inherently unsafe because array and pointer references are not automatically bounds-checked, so it is up to programmers to perform the checks themselves. Nonetheless, these checks are often omitted or performed incorrectly. In addition to its prevalence, this attack can cause the most serious problems for compromised systems. One solution to buffer overflow attacks is to statically detect possible vulnerabilities in C source code before it is deployed. Much research has been done to solve this problem, but only for a subset of C features: pointers, arrays of char, one-dimensional arrays, pointer arithmetic statements, and standard C string functions.
This thesis will examine the principles of Unix/Linux buffer overflow vulnerabilities. Then, it will survey the existing static methods of detecting buffer overflows and propose a better method that accommodates a larger domain of problems involving arrays of pointers. Finally, a prototype is implemented based on the proposed method. |
|