AIT Asian Institute of Technology

Detecting possible format string vulnerabilities in C programs

Author: Huynh Buu Ky
Call Number: AIT Thesis no. CS-03-17
Subject(s): String models; Data detection; C (Computer program language); Computer security

Note: A thesis submitted in partial fulfillment of the requirements for the degree of Master of Engineering, School of Advanced Technologies
Publisher: Asian Institute of Technology
Series Statement: Thesis ; no. CS-03-17
Abstract: In June 2000, the first public release of a format string vulnerability against wu-ftp 2.6.0 attracted major attention. This vulnerability arises from the combination of unchecked variable argument (varargs) functions and standard C library implementations. Since then, various format string exploit techniques have been discovered and numerous incidents of format string attacks have been reported to date [1, 2, 6]. The exploitation of format string bugs represents a whole new serious class of vulnerabilities in C programs that can be used to gain the highest privileges on a local or remote host. The first part of this study explains the nature and analyses the tricks and limitations of format string exploits. A semantic model of a simplified version of the printf function is also established to give a formal explanation of how format string bugs occur and how they cause changes in program flow. Part two discusses currently well-known static and run-time defense strategies against this important class of vulnerabilities. Finally, we present our system, which combines both static analysis and run-time checks. The system employs a bottom-up qualified type inference engine to perform static analysis to check source code for safe printf-like function calls, and automatically inserts run-time checks where safety cannot be guaranteed statically. Our tests on several vulnerable source codes show that our system exhibits a lower rate of false positives than the current top-down qualified type inference one. Moreover, a performance test shows that the system imposes lower performance overhead than the current run-time solution.
Year: 2003
Corresponding Series Added Entry: Asian Institute of Technology. Thesis ; no. CS-03-17
Type: Thesis
School: School of Advanced Technologies (SAT)
Department: Department of Information and Communications Technologies (DICT)
Academic Program/FoS: Computer Science (CS)
Chairperson(s): Phan Minh Dung
Examination Committee(s): Huynh Ngoc Phien; Bohez, Erik L J.
Scholarship Donor(s): MOET Vietnam
Degree: Thesis (M.Eng.) - Asian Institute of Technology, 2003

