
Buffer Overflow Detection Based On Dynamic Binary Instrumentation Framework

Posted on: 2011-11-15 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Q Song
GTID: 2178360308452627 | Subject: Computer application technology
Abstract/Summary:
Buffer overflow is the most common bug in programs. The number of buffer overflow attacks increased over the last two decades, causing users great losses. Accordingly, research on buffer overflow detection and on defense against buffer overflow attacks has become more and more popular. There are many buffer overflow detection tools at present. Because of their detection methods, almost all of these tools have two limitations: first, they need the source code; second, they can only detect specific buffer overflow bugs. This paper presents a method that combines dynamic binary instrumentation and taint analysis to defend against buffer overflow attacks.

Dynamic binary instrumentation is a method that adds instrumentation code to the original binary code to collect information about program behavior. It does not require source code and is compatible with commercial software and legacy code. For better efficiency, most dynamic binary instrumentation tools are built on a dynamic binary instrumentation framework.

Taint analysis is a method that marks the data in a program as one of two categories, tainted or clean, and manages the taint attribute during program execution. Once tainted data is used in an illegal way, it asserts a potential attack. It can detect many kinds of buffer overflow attacks.

This paper describes a dynamic binary instrumentation framework, CrossIF, which is built on Crossbit, and a dynamic binary instrumentation tool, BufferSafeTy, for detecting buffer overflow attacks. BufferSafeTy was developed on top of CrossIF. We use three programs to validate this tool and conclude that the combination of dynamic binary instrumentation and taint analysis can detect many kinds of buffer overflow attacks without the support of source code, which makes up for the limitations of existing buffer overflow detection tools.
Keywords/Search Tags:buffer overflow detection, dynamic binary instrumentation, taint analysis, CrossIF, BufferSafeTy
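
A toy model of the taint-analysis scheme the abstract describes, added here as an illustration; it is not code from the thesis, CrossIF or BufferSafeTy. The simulated memory layout, the `hook_*` function names and the sample input are assumptions: each hook stands for the instrumentation code a tool would attach to the corresponding program event, and the shadow array holds one tainted/clean flag per byte.

```c
#include <stdio.h>
#include <string.h>

/* Toy machine: MEM is program memory, SHADOW holds one taint flag per byte. */
enum { MEM_SIZE = 64, INPUT = 0, BUF = 32, BUF_LEN = 8, RET_SLOT = 40, RET_LEN = 4 };
static unsigned char MEM[MEM_SIZE], SHADOW[MEM_SIZE];

/* Taint source: bytes arriving from outside the program are marked tainted. */
static void hook_input(int dst, const unsigned char *data, int len) {
    memcpy(&MEM[dst], data, len);
    memset(&SHADOW[dst], 1, len);
}

/* Propagation: a copy carries the taint flag of each source byte with it. */
static void hook_copy(int dst, int src, int len) {
    memmove(&MEM[dst], &MEM[src], len);
    memmove(&SHADOW[dst], &SHADOW[src], len);
}

/* A constant written by the program itself is clean. */
static void hook_store_const(int dst, unsigned char val, int len) {
    memset(&MEM[dst], val, len);
    memset(&SHADOW[dst], 0, len);
}

/* Sink check: a return address holding any tainted byte is an illegal use. */
static int hook_return(int slot) {
    for (int i = 0; i < RET_LEN; i++)
        if (SHADOW[slot + i]) return 1;
    return 0;
}

/* Copies n input bytes into the 8-byte buffer with no bounds check, then
   returns. Result: 1 = alert raised, 0 = clean, -1 = n outside the model. */
int run_unchecked_copy(int n) {
    unsigned char input[24];
    if (n < 0 || n > (int)sizeof input) return -1;
    memset(input, 'A', sizeof input);          /* constructed sample input */
    memset(MEM, 0, sizeof MEM);
    memset(SHADOW, 0, sizeof SHADOW);
    hook_store_const(RET_SLOT, 0x10, RET_LEN); /* call saves a clean return address */
    hook_input(INPUT, input, n);
    hook_copy(BUF, INPUT, n);                  /* the unchecked copy */
    return hook_return(RET_SLOT);
}

int main(void) {
    printf("6 bytes: alert=%d, 12 bytes: alert=%d\n",
           run_unchecked_copy(6), run_unchecked_copy(12));
    return 0;
}
```

The detector needs no knowledge of the buffer's declared size: the alert comes only from tainted bytes reaching the return-address slot, which is why the approach works without source code.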