
Protection Against Format String Attacks by Binary Rewriting

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)


Abstract

We propose a binary rewriting system called Kimchi that modifies binary programs to protect them from format string attacks at runtime. Kimchi replaces the machine code that calls the conventional printf with code that calls a safer version, safe_printf, which prevents the format string from accessing arguments beyond the stack frame of the calling function. With the proposed static analysis and binary rewriting method, it can protect binary programs even if they do not use the frame pointer register or if they link the printf code statically. In addition, it replaces printf calls that pass no extra format arguments, such as printf(buffer), with the safe form printf("%s", buffer), which is not vulnerable. It also reduces the performance overhead of the patched program by leaving unmodified those printf calls whose format string argument is located in the read-only memory segment, since such calls are not vulnerable to format string attacks.
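The abstract describes two of Kimchi's rewrites: a call of the form printf(buffer) becomes printf("%s", buffer), and other non-constant-format calls are redirected to a safe_printf that refuses to read arguments the caller never supplied. The C below is an added illustration of that idea and is not the paper's own Kimchi code. It assumes a simplified design: instead of the paper's stack-frame analysis, the (hypothetical) safe_printf takes an explicit count of the variadic arguments the call site actually passed, and the (hypothetical) count_format_args helper counts how many arguments a format string would consume, rejecting %n outright. Positional conversions (%1$s) are not handled. The attacker-controlled string in main is constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count how many variadic arguments a format string would consume.
 * Returns -1 if the format contains %n or ends inside a conversion.
 * Hypothetical helper, added here for illustration. */
int count_format_args(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                    /* literal "%%" */
        while (*p && strchr("-+ #0", *p)) p++;      /* flags */
        while (*p >= '0' && *p <= '9') p++;         /* fixed width */
        if (*p == '*') { n++; p++; }                /* width from an argument */
        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') { n++; p++; }
            while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;    /* length modifiers */
        if (*p == '\0') return -1;                  /* truncated conversion */
        if (*p == 'n') return -1;                   /* %n writes memory: refuse */
        n++;                                        /* the conversion itself */
    }
    return n;
}

/* safe_printf: the caller states how many variadic arguments it passed.
 * The format is rejected (-1) if it would read beyond them; otherwise it
 * behaves like printf and returns the number of characters written.
 * Assumption: an explicit count replaces the paper's frame-bound check. */
int safe_printf(int nargs, const char *fmt, ...) {
    int need = count_format_args(fmt);
    if (need < 0 || need > nargs) return -1;
    va_list ap;
    va_start(ap, fmt);
    int written = vprintf(fmt, ap);
    va_end(ap);
    return written;
}

/* The rewrite applied to printf(buffer): the buffer becomes data, not format. */
int print_untrusted(const char *buffer) {
    return printf("%s\n", buffer);
}

int main(void) {
    /* Constructed attacker-controlled input, as it might arrive in a buffer. */
    const char *evil = "%x %x %x %n";

    print_untrusted(evil);            /* prints the text literally */
    if (safe_printf(0, evil) < 0)     /* rejected: reads 3 args and has %n */
        puts("safe_printf rejected the format");
    safe_printf(1, "user=%s\n", "alice"); /* legitimate call still works */
    return 0;
}
```

The rejection path is the point: a format string that asks for more conversions than the call site provided, or that contains %n, never reaches vprintf, so it cannot walk the stack past the caller's arguments.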




© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

You, J.H., Seo, S.C., Kim, Y.D., Choi, J.Y., Lee, S.J., Kim, B.K. (2005). Protection Against Format String Attacks by Binary Rewriting. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_45


  • DOI: https://doi.org/10.1007/11596981_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8
