Towards Accurate Buffer-Overflow Vulnerability Diagnosis for Commodity Software

Jiang Zheng (CS Grad/Pitt)

PhD Proposal Defense

Wednesday, January 23, 2008
1:00 pm - SENSQ 6106

Abstract

Buffer overflow attacks have been a computer security threat to software-based systems and applications for decades. Researchers have proposed different techniques to defend against unknown buffer overflow attacks and have also investigated various solutions to protect known vulnerable software (e.g. signature generation, patch generation, etc.). However, because there is no complete solution to defend against them, buffer overflow attacks are still one of the major computer security threats even today.

The big gap in software security research lies between attack detection for unknown vulnerabilities and protection of known vulnerable software: vulnerability diagnosis. Given a vulnerable program and a working exploit, the task of vulnerability diagnosis is to accurately find the vulnerability point and understand the vulnerability condition in an automatic way. The vulnerability point is the instruction that causes the attack, and the vulnerability condition is the semantic information about the vulnerable program that explains why the attacker can attack it. Nowadays, this is done manually by security engineers. It has proven very difficult to understand the semantics of a vulnerability even at the source code level. You can imagine how hard this task becomes for commodity software when the source code isn't available.

This Ph.D. thesis contributes to software security research by raising this vulnerability diagnosis problem and providing solutions towards buffer overflow vulnerability diagnosis (BOVD) in an accurate, automatic and efficient way for commercial software. The solutions to BOVD proposed in this work are based on the observation, drawn from the essence of all known buffer overflow attacks, that most of them take place in a loop context. This Ph.D. thesis proposes using TEMU to do buffer overflow vulnerability point (BOVP) detection and performing a two-step analysis towards understanding the buffer overflow vulnerability condition (BOVC). These two steps are input analysis and bound analysis. The input analysis performs a fine-grained loop study, and the bound analysis is achieved by dynamic memory monitoring. The proposed input analysis has been implemented in OCaml as part of the BitBlaze project, and the proposed fine-grained bound analysis will be implemented in OCaml as part of the final Ph.D. thesis work, extending the existing BitBlaze project. Preliminary results on some synthetic programs and real-world vulnerable programs demonstrate that this is a very promising technique that deserves further exploration.
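As an added illustration of the two analyses named above (bound analysis by monitoring stores, input analysis relating the overflowing loop iteration back to input bytes), here is a toy diagnosis over a constructed trace of a byte-copy loop. It is example code written for this page, not the thesis's TEMU or BitBlaze implementation; the trace format, the `Store`/`Buffer` records, and all addresses are assumptions.

```python
# Toy vulnerability diagnosis over a constructed execution trace (added example,
# hypothetical: not the thesis's TEMU/BitBlaze implementation). Each trace entry
# is one memory store observed by a dynamic monitor; addresses are made up.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Store:
    pc: int                   # address of the store instruction
    loop_id: int              # loop the store belongs to (0 = not in a loop)
    iteration: int            # loop iteration counter when the store executed
    addr: int                 # destination memory address
    input_off: Optional[int]  # offset of the input byte being copied, None if untainted

@dataclass
class Buffer:
    base: int                 # start address of the destination buffer
    size: int                 # allocated size in bytes

def make_trace(input_len: int, buf: Buffer, loop_pc: int = 0x401020) -> List[Store]:
    """Constructed trace of a byte-copy loop: iteration i stores input[i] at base+i."""
    return [Store(pc=loop_pc, loop_id=1, iteration=i, addr=buf.base + i, input_off=i)
            for i in range(input_len)]

def diagnose(trace: List[Store], buf: Buffer) -> Optional[dict]:
    """Bound analysis: find the first store that lands outside [base, base+size).
    Input analysis: report which tainted input offsets drove that loop up to the
    overflowing iteration, so the condition can be stated in terms of the input."""
    for s in trace:
        if s.addr < buf.base or s.addr >= buf.base + buf.size:
            driving = sorted({t.input_off for t in trace
                              if t.loop_id == s.loop_id and t.iteration <= s.iteration
                              and t.input_off is not None})
            min_len = (max(driving) + 1) if driving else None
            return {
                "vuln_pc": s.pc,                  # BOVP: the overflowing store
                "loop_id": s.loop_id,
                "iteration": s.iteration,
                "input_offsets": driving,         # input bytes consumed up to the overflow
                "min_overflow_input_len": min_len,
                "condition": f"input length >= {min_len} bytes (buffer holds {buf.size})",
            }
    return None  # no store left the buffer: not diagnosed as an overflow

if __name__ == "__main__":
    buf = Buffer(base=0x7FFFE000, size=16)
    print(diagnose(make_trace(12, buf), buf))   # None
    print(diagnose(make_trace(20, buf), buf))   # overflow at iteration 16
```

A real monitor would record stores from the instrumented binary rather than from `make_trace`; the diagnosis logic is the part the abstract describes.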

Dissertation Adviser

Dr. Jose Carlos Brustoloni, Department of Computer Science

Committee Members

Dr. Shi-Kuo Chang
Dr. Bruce R. Childers
Dr. James Joshi
Dr. Dawn Song (CMU/Berkeley)
