Preventing format-string attacks via automatic and efficient dynamic checking

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2005, Pages 354-363

  Ringenburg, Michael F ^a   Grossman, Dan ^a  

^a University of Washington   (United States)

Author keywords

Dynamic Checking; Format String Attacks; Static Analysis; White Lists

Indexed keywords

DYNAMIC CHECKING; FORMAT-STRING ATTACKS; STATIC ANALYSIS; WHITE-LISTS;

COMPUTER SYSTEMS PROGRAMMING; DATA FLOW ANALYSIS; DYNAMIC PROGRAMMING; FUNCTIONS; MATHEMATICAL TRANSFORMATIONS;

AUTOMATIC PROGRAMMING;

EID: 33745773931     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1102120.1102166     Document Type: Conference Paper

References (39)

1. Todd Austin, Scott Breach, and Gurindar Sohi. Efficient detection of all pointer and array access errors. In ACM Conference on Programming Language Design and Implementation, pages 290-301, Orlando, FL, June 1994.
2. William Bush, Jonathan Pincus, and David Sielaff. A static analyzer for finding dynamic programming errors. Software Practice and Experience, 30(7):775-802, June 2000.
3. Hao Chen, Drew Dean, and David Wagner. Model checking one million lines of C code. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, 2004.
4. CIL - Infrastructure for C Program Analysis and Transformation, version 1.3.2. Available at http://manju.cs.berkeley.edu/cil/.
5. Jeremy Condit, Matthew Harren, Scott McPeak, George Necula, and Westley Weimer. CCured in the real world. In ACM Conference on Programming Language Design and Implementation, pages 232-244, June 2003.
6. C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., Aug. 2001.
7. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In 7th USENIX Security Symposium, pages 63-78, San Antonio, TX, January 1998.
8. Cyclone, version 0.8. Available at http://www.research.att.com/projects/cyclone.
9. Alan DeKok. Pscan: A limited problem scanner for C source files, July 2000. Available at www.striker.ottawa.on.ca/~aland/pscan/.
10. Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In 4th USENIX Symposium on Operating System Design and Implementation, pages 1-16, San Diego, CA, October 2000.
11. Free Software Foundation. The GNU compiler collection. Available at http://gnu.gcc.org/.
12. S. Z. Guyer, E. D. Berger, and G. Lin. Detecting errors with configurable whole-program dataflow analysis. Technical Report UTCS TR-02-04, UT-Austin, 2002.
13. Reed Hastings and Bob Joyce. Purify: Fast detection of memory leaks and access errors. In Winter USENIX Conference, pages 125-138, San Francisco, CA, January 1992.
14. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, pages 275-288, Monterey, CA, June 2002.
15. Stephen Johnson. Lint, a C program checker. Computer Science Technical Report 65, Bell Laboratories, December 1977.
16. Richard Jones and Paul Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In AADEBUG'97. Third International Workshop on Automatic Debugging, volume 2(9) of Linköping Electronic Articles in Computer and Information Science, 1997.
17. Michel Kaempf. Multiple vulnerabilities in splitvt, January 2001. At www.securityfocus.com/archive/1/156251.
18. Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure execution via program shepherding. In 11th USENIX Security Symposium, pages 191-206, August 2002.
19. Gabriel A. Maggiotti. Unreal ircd format string vuln, February 2002. At www.securityfocus.com/archive/82/258190.
20. G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Proceedings of the Conference on Compiler Construction, pages 213-228, 2002.
21. George Necula, Scott McPeak, and Westley Weimer. CCured: Type-safe retrofitting of legacy code. In 29th ACM Symposium on Principles of Programming Languages, pages 128-139, January 2002.
22. T. Newsham. Format string attacks. White Paper, Sept. 2000. At www.securityfocus.com/guest/3342.
23. Bruce Perens. Electric fence. At www.gnu.org/directory/All_Packages_in_Directory/Electric-Fence.html.
24. NGSSoftware Insight Security Research. Pfinger 0.7.8 format string vulnerability, December 2002. http://www.securityfocus.com/archive/1/303555.
25. NGSSoftware Insight Security Research, zkfingerd 0.9.1 format string vulnerability, December 2002. http://www.securityfocus.com/archive/1/303557.
26. Michael F. Ringenburg and Dan Grossman. www.cs.washington.edu/homes/miker/formatstring/.
27. Tim Robbins. libformat, November 2001. At www.wiretapped.net/~fyre/software/libformat.html.
28. Rwhoisd remote format string vulnerability, October 2001. At www.securityfocus.com/archive/1/222756.
29. Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, September 1975.
30. VOID.AT Security, isc dhcpd 3.0 format string exploit, January 2003. At www.securityfocus.com/archive/1/306327.
31. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In 10th USENIX Security Symposium, pages 201-220, 2001.
32. Christopher Small and Margo Seltzer. MiSFIT: constructing safe extensible systems. IEEE Concurrency, 6(3):33-41, July-September 1998.
33. Splint manual, version 3.0.6, 2002. http://www.splint.org/manual/.
34. @stake, Inc. tcpflow 0.2.0 format string vulnerability, August 2003. At www.securityfocus.com/advi-sories/5686.
35. tf8@zolo.freelsd.net. Wu-ftpd remote format string stack overwrite vulnerability, June 2000. At www.securityfocus.com/bid/1387.
36. T. Tsai and N. Singh. Libsafe: Protecting critical elements of stacks. Technical Report ALR-2001-019, Avaya Labs, Aug. 2001.
37. Robert Wahbe, Steven Lucco, Thomas Anderson, and Susan Graham. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 7(5):203-216, December 1993.
38. J. Wilander and M. Kamkar. A comparison of publicly available tools for static intrusion prevention. In Proceedings of the 7th Nordic Workshop on Secure IT Systems, pages 68-84, Nov. 2002.
39. zillion, nn format string exploit, July 2002. http://www.securityfocus.com/archive/82/280687.