Date: Fri, 7 Aug 1998 17:27:39 -0600
From: "Anil B. Somayaji" <soma@CS.UNM.EDU>
To: BUGTRAQ@netspace.org
Subject: Re: A way to prevent buffer overflow exploits? (was: "Any user can
-----BEGIN PGP SIGNED MESSAGE-----
Crispin Cowan <crispin@CSE.OGI.EDU> writes:
> The idea of randomizing the stack was put forward by Stephanie
> Forrest et al in their HotOS'97 paper "Building Diverse Computer
> Systems". They proposed to add a random amount fo fill to each
> activation record, so that the return address was an unknown offset
> from the buffers being overflowed. It's cute, but it doesn't
> prevent the attacker from just repeating the desired destination
> address over and over again, reducing the problem to one of hitting
> the correct byte allignment.
As one of the co-authors of the HotOS paper, I feel I should stick my
head in at this point. The GCC modification was a proof-of-concept
which simply showed that diversification (even a very simple one) can
defeat real attacks. I certainly never meant for this five-line GCC
modification to actually be used. (Background: I did the
implementation as a class project!) So, please do not refer to this
as "Forrest's approach."
The main purpose of that paper was to discuss the fact that computer
systems today are amazingly homogeneous at a binary level, and this
lack of diversity leads to many of the security problems that we see.
One cracker writing a script to break in to one machine is generally
not a big deal; one cracker spreading a script on the net that can
break into thousands of machines _is_ a problem.
We can avoid this by making computer systems unique - the trick is to
do this while providing a uniform interface to users. We discussed
several approaches in:
ftp://ftp.cs.unm.edu/pub/forrest/hotos-97.ps
For those of you unfamiliar with Crispin's research, some of these
ideas are also discussed in:
http://www.cse.ogi.edu/DISC/projects/immunix/icmas96.ps.gz
This paper takes a somewhat different approach to the problem than we
do.
Diversity is no panacea; it is merely one strategy that biological
systems use to survive. If you are interested in learning more about
our ideas, please visit:
http://www.cs.unm.edu/~steveah/research.htmlhttp://www.cs.unm.edu/~forrest
Although we are working on more advanced implementations, we certainly
have more ideas than time! If anyone is inspired to actually build
something based on these ideas, please go ahead; there are many, many
things that remain to be tried.
--Anil
- --
Anil Somayaji (soma@cs.unm.edu)
http://www.cs.unm.edu/~soma
+1 505 872 3150
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNcuNT0LkmkLHxWM5AQGnngP/Vh+zgvOzrAjAsaAvMxWCBDkM6uhoYcVt
R7W53Y9M7t+36mAUGc2fu4vfOLttXH4Zr7ehGHdDqHpn1OZnHDxJKDicA4m+dRQw
Ls5vLhLe7ENfzMhF+paKuWkFpwcONyA0scdcVqG0Foeo54jvgXPYt3nDoIuRgFAU
P1IKa3Y5sqg=
=2pxo
-----END PGP SIGNATURE-----
