Krerk Piromsopa and Richard J. Enbody
November, 2004
A claim that a system is secure should be supported by a proof. In the case of buffer-overflow attacks, there are many proposed hardware/software solutions, but there has been little effort to prove the effectiveness of those solutions. In this paper, we lay out a framework for protecting against buffer-overflow attacks and use the framework to prove security. We begin with definitions of buffer overflow and build theorems on those definitions. Based on those definitions and theorems, we develop the necessary conditions to prevent buffer-overflow attacks. To show the usefulness of the framework, we present one instance of a solution: an architecture for preventing buffer-overflow attacks. The result is the claim that an implementation exists that can be proven to prevent buffer-overflow attacks.
You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format.