Subscribe by Email

Wednesday, November 20, 2013

Security - What is meant by buffer overflow?

You might have heard of some hacks happening from time to time that are caused due to buffer overflow. Buffer overflow is also known as buffer overrun in computer security and programming terminology. It can be considered as an anomaly where the boundary of the buffer is overrun by the program while writing the data to it. When this happens, the adjacent memory is written by the program. Buffer overrun is a special case in which the memory safety rules are violated. Some inputs have been designed for executing the code or changing the way the program works. These inputs can trigger the buffer overflows. This can cause the program to behave in an erratic manner such as causing memory access errors, giving incorrect outputs, causing crash, breaches in the security system. Therefore these are considered to be a source of a number of software vulnerabilities which can be exploited very badly. C and C++ are the most common programming languages that suffer from buffer overflow problems. This is so because these languages do not come with in– built protection against overwriting of data or accessing it in some other part of memory.
These languages don’t have an automatic check on the data that is written in to some array which is more like the in – built type of buffer which lies within the array boundaries. Buffer overflows can be prevented by implementing the bound checks. When the data is written to the buffer, it may also corrupt the data stored in the adjacent memory address destinations because of lack of insufficient checking of boundaries. This can cause a buffer overflow. It may also occur while data is being copied from one buffer to another one without checking whether the data will fit in to it or not. Techniques are available for exploiting the buffer overflow vulnerability. These techniques are different for different architectures, memory region and operating systems. For example, there is a lot of difference between the exploitation on call stack and the exploitation on heap. The below mentioned protective counter measures can be taken:
- Choice of programming language: The language being used does have a profound impact on the buffer overflow occurrence. As mentioned above C and C++ have no built – in protection against this problem but their libraries do provide a number of ways for safe buffering of data and techniques to avoid them. There are languages that provide runtime checking as well as compile time checking, which checks for the possibilities when the program might overwrite the data. Examples are Eiffel, Ada, and Smalltalk etc.
- Use of safe libraries: It is necessary to avoid buffer overflows in order to maintain the degree of correctness of the code. Therefore, standard library functions that are not bound checked should be avoided. There are certain abstract data type libraries that are well tested and centralized enough for performing the buffer management automatically.
- Buffer overflow protection: This mechanism checks for the alteration of the stack when the function returns. If some modification has been made, the program makes an exit with a segmentation fault. Examples of such systems are the stackguard, libsafe, propolice and so on.
- Pointer protection: Buffer overflow involves manipulation of the pointers along with their stored addresses. A compiler extension called the point guard was developed for preventing the attackers from manipulating the pointers and the addresses stored in them reliably. However this extension was not released commercially. A similar version of it was implemented in the Microsoft window’s OS.
- Executable space protection: This method prevents the code execution on heap or stack as an approach to buffer overflow protection. The buffer overflows can be used by the attackers for insert random code in to the program memory. When the executable space protection is in place, the execution of the program will be halted by an exception. 

No comments:

Facebook activity