Removing Buffer Overflows In C Programs With Safe Library Replacement Transformation
Metadata Field | Value | Language |
---|---|---|
dc.contributor.advisor | Munawar, Hafiz | |
dc.contributor.author | Doggett, Dusten James | |
dc.date.accessioned | 2013-08-13T19:02:45Z | |
dc.date.available | 2013-08-13T19:02:45Z | |
dc.date.issued | 2013-08-13 | |
dc.identifier.uri | http://hdl.handle.net/10415/3826 | |
dc.description.abstract | This work explores how buffer overflow vulnerabilities in C programs, specifically the ones that originate from the use of unsafe functions, can be fixed by using a source-to-source program transformation. I implemented a Safe Library Replacement transformation that replaces unsafe library functions with safe alternatives. The transformation improves the security of a system, which means that it does not preserve the original behavior of the program. It preserves good-path behavior, and modifies the behavior only on attack vectors. Implementing the transformation in C requires sophisticated static analyses that are typically unavailable in existing program transformation infrastructures for C. I used OpenRefactory/C, a framework for building correct and complex program transformations for C; I enhanced the infrastructure to support control flow and alias analysis. I tested the transformation on 1,778 test cases from the SAMATE reference dataset, and was able to remove the buffer overflow vulnerability from each case. I also applied the transformation on 181 instances of unsafe functions in three real C programs. The transformation replaced the function in 73% of the cases, and did not break the original program in any of the cases. A program transformation-based approach can integrate with a developer's coding activity, much like a refactoring, and allows a developer to fix library-related buffer overflow problems on demand. | en_US |
dc.rights | EMBARGO_NOT_AUBURN | en_US |
dc.subject | Computer Science | en_US |
dc.title | Removing Buffer Overflows In C Programs With Safe Library Replacement Transformation | en_US |
dc.type | thesis | en_US |
dc.embargo.length | NO_RESTRICTION | en_US |
dc.embargo.status | NOT_EMBARGOED | en_US |