Computer Engineering Commons^™

Stackguard: Automatic Adaptive Detection And Prevention Of Buffer-Overflow Attacks, Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang

Computer Science Faculty Publications and Presentations

This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.

We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard …

A Specialization Toolkit To Increase The Diversity Of Operating Systems, Calton Pu, Andrew P. Black, Crispin Cowan, Jonathan Walpole, Charles Consel

Computer Science Faculty Publications and Presentations

Virus and worm attacks that exploit system implementation details can be countered with a diversified set of implementations. Furthermore, immune systems show that attacks from previously unknown organisms require effective dynamic response. In the Synthetix project, we have been developing a specialization toolkit to improve the performance of operating system kernels. The toolkit helps programmers generate and manage diverse specialized implementations of software modules. The Tempo-C specializer tool generates different versions for both compile-time and run-time specialization. We are now adapting the toolkit to improve operating system survivability against implementations attacks.