Using Program Transformation to Secure C Programs Against Buffer Overflows

Buffer overflows are the most common source of securityvulnerabilities in C programs. This class of vulnerability,which is found in both legacy and modern software, coststhe software industry hundreds of millions of dollars peryear.The most common type of buffer overflow is the run-timestack overflow. It is common because programmersoften use stack allocated arrays. This enables the attackerto change a program's control flow by writing beyond theboundary of an array onto a return address on the run-timestack. If the arrays are repositioned to the heap at compiletime, none of these attacks succeed. Furthermore, repositioningbuffers to the heap should perturb the heap memoryenough to prevent many heap overflows as well.We have created a tool called Gemini that repositionsstack allocated arrays at compile time using TXL. Thetransformation preserves the semantics of the program witha small performance penalty. This paper discusses thesemantics-preserving transformation of stack allocated arraysto heap allocated "pointers to arrays". A program thatis amenable to a buffer overflow attack and several Linuxprograms are used as examples to demonstrate the effectivenessand overhead of our technique.