STATIC ANALYSIS TOOLS FOR DETECTING STACK-BASED BUFFER OVERFLOWS
Authors
Wikman, Eric C.
Subjects
buffer overflow
Ghidra
Advisors
Irvine, Cynthia E.
Nguyen, Thuy D.
Date of Issue
2020-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Buffer overflows are common software vulnerabilities in which a program writes outside the intended boundary of a buffer. In most cases, this causes the program to crash. In more dangerous situations, a buffer overflow can provide the access an attacker needs to gain remote code execution. To create programs that are reliable and free of buffer overflows, we need a method for analyzing code to detect potential buffer overflow vulnerabilities. One method to detect such errors is to perform static analysis on the program, which involves examining the program's disassembled code to find the errors it contains. Fortunately, Ghidra, a reverse engineering tool, can perform the disassembly of the executable, and with the Ghidra API, scripts can be developed to analyze programs for buffer overflows. This research investigates stack-based buffer overflows and how to discover them using static analysis. Specifically, the research examines cases where buffer overflows occur in libc functions, which are referred to as vulnerable sinks. This research involved the development of a Ghidra script that searches a binary file for vulnerable sinks and finds all the parameters used in each sink. This allows buffer overflows to be calculated on a per-sink basis. The research showed that it is possible to find overflow vulnerabilities via static analysis and that calculating whether a buffer can be overflowed is possible.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
