Protecting c programs from attacks via invalid pointer dereferences,” Proceedings of the 9th European software engineering conference held jointly with

Writes via unchecked pointer dereferences rank high among vulnerabilities most often exploited by malicious code. The most common attacks use an unchecked string copy to cause a buffer overrun, thereby overwriting the return address in the function’s activation record. Then, when the function “returns”, control is actually transferred to the attacker’s code. Other attacks may overwrite function pointers, setjmp buffers, system-call arguments, or simply corrupt data to cause a denial of service. A number of techniques have been proposed to address such attacks. Some are limited to protecting the return ad-dress only; others are more general, but have undesirable properties such as having a high runtime overhead, requir-ing manual changes to the source code, or forcing program-mers to give up control of data representations and memory management. This paper describes the design and implementation of a security tool for C programs that addresses all these is-sues: it has a low runtime overhead, does not require source code modification by the programmer, does not report false positives, and provides protection against a wide range of at-tacks via bad pointer dereferences, including but not limited to buffer overruns and attempts to access previously freed memory. The tool uses static analysis to identify potentially dangerous pointer dereferences, and memory locations that are legitimate targets of these pointers. Dynamic checks are then inserted; if at runtime the target of an unsafe derefer-ence is not in the legitimate set, a potential security violation is reported, and the program is halted