Abstraction-Based Static Analysis of Buffer Overruns in C Programs

Abstract

Bounds violations or buffer overruns have historically been a major source of defects in software systems, making bounds checking a key component in practical automatic verification methods. With the advent of the Internet, buffer overruns have been exploited by attackers to break into secure systems as well. Many security violations ranging from the 1988 Internet worm incident to the AnalogX Proxy server vulnerability have been attributed to buffer overruns. Programs written in the C language, which comprise most of the systems software available today, are particularly vulnerable because of the lack of array bounds checking in the C compiler, presence of pointers that can be used to write anywhere in memory, and the weak type system of the C language.

Many methods have been proposed to detect these errors. Runtime methods that detect buffer overruns suffer from significant overhead and incomplete coverage, while compile time methods could suffer from low accuracy and poor scalability.

In this thesis, we propose a new technique for bounds checking based on data abstraction that is more accurate, more scalable, and suffers from no runtime overhead. Enhancements have been made to C Wolf, a suite of model generation tools, to handle buffer overflow analysis.

Case studies on web2c, a publicly available software package, pico server, an open source web server, and on the wu-ftpd server are presented to demonstrate the practicality of the technique.