This Is Auburn - Electronic Theses and Dissertations

Removing Buffer Overflows In C Programs With Safe Library Replacement Transformation


| Metadata Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | Munawar, Hafiz | |
| dc.contributor.author | Doggett, Dusten James | |
| dc.date.accessioned | 2013-08-13T19:02:45Z | |
| dc.date.available | 2013-08-13T19:02:45Z | |
| dc.date.issued | 2013-08-13 | |
| dc.identifier.uri | http://hdl.handle.net/10415/3826 | |
| dc.description.abstract | This work explores how buffer overflow vulnerabilities in C programs, specifically the ones that originate from the use of unsafe functions, can be fixed by using a source-to-source program transformation. I implemented a Safe Library Replacement transformation that replaces unsafe library functions with safe alternatives. The transformation improves the security of a system, which means that it does not preserve the original behavior of the program. It preserves good-path behavior, and modifies the behavior only on attack vectors. Implementing the transformation in C requires sophisticated static analyses that are typically unavailable in existing program transformation infrastructures for C. I used OpenRefactory/C, a framework for building correct and complex program transformations for C; I enhanced the infrastructure to support control flow and alias analysis. I tested the transformation on 1,778 test cases from the SAMATE reference dataset, and was able to remove the buffer overflow vulnerability from each case. I also applied the transformation on 181 instances of unsafe functions in three real C programs. The transformation replaced the function in 73% of the cases, and did not break the original program in any of the cases. A program transformation-based approach can integrate with a developer's coding activity, much like a refactoring, and allows a developer to fix library-related buffer overflow problems on demand. | en_US |
| dc.rights | EMBARGO_NOT_AUBURN | en_US |
| dc.subject | Computer Science | en_US |
| dc.title | Removing Buffer Overflows In C Programs With Safe Library Replacement Transformation | en_US |
| dc.type | thesis | en_US |
| dc.embargo.length | NO_RESTRICTION | en_US |
| dc.embargo.status | NOT_EMBARGOED | en_US |
