
System Level Overflow Prevention (SLOP)

IP.com Disclosure Number: IPCOM000126868D
Original Publication Date: 2005-Aug-04
Included in the Prior Art Database: 2005-Aug-04
Document File: 2 page(s) / 28K

Publishing Venue

IBM

Abstract

System Level Overflow Prevention

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Buffer overflows are commonly attacked. The Code Blue and Code Red family of attacks exploited buffer overflows along with numerous other Microsoft* security vulnerabilities. Buffer overflows are listed as the top cause of security vulnerabilities in many operating systems and account for 50% of the security advisories. They are most dangerous because they are one of the most direct ways to open a privileged shell, and to do so over a port allowed by firewalls. Preventing them is also a daunting task because every new update and software installation runs the risk of introducing a new buffer overflow. Users must trust the diligence of the programmers and are often let down.

There have been attempts to address buffer overflows at a system level with numerous special software libraries. Most require a special wrapper library be loaded prior to the running of the program. This limits the solution to a particular programming language.

A buffer overflow attack occurs when a variable on the program stack is overflowed, overwriting the return address so that it points to the overflow data. This causes the program to start executing that data. The hacker's intent is to open a shell back to the hacker's machine of origin.

At the heart of the difficulty in preventing buffer overflow attacks is that the hacker causes the program itself to overflow its own stack. Thus, it is not like guarding against some other program that can be fenced out. Since the program is corrupting itself, it is difficult for the program to protect itself from itself.

The System Level Overflow Prevention (SLOP) system is based on the assertion that once a Return Address is written/pushed on the stack, it is read only and should never be written or overwritten. Once this frame stack is popped off and the Return Address is referenced, this memory location ca...
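The following is an added example, not code from the disclosure: a small C simulation of the assertion above, in which a return-address slot becomes read-only once it is pushed, so an oversized copy into a local buffer is stopped before it reaches that slot. The simulated stack, the function names, the per-slot lock table and the choice to unlock the slot when the frame is popped are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STACK_WORDS 64
static uintptr_t stack_mem[STACK_WORDS];   /* simulated stack, one word per slot */
static unsigned char locked[STACK_WORDS];  /* 1 = slot holds a live return address */
static int sp = STACK_WORDS;               /* grows downward */
static int violations;                     /* rejected writes to locked slots */

/* Every store passes this check; it stands in for system-level enforcement. */
static int guarded_store(int slot, uintptr_t value) {
    if (slot < 0 || slot >= STACK_WORDS) return -1;
    if (locked[slot]) { violations++; return -1; }  /* return address is read-only */
    stack_mem[slot] = value;
    return 0;
}

/* Call: push the return address, lock its slot, reserve locals below it. */
static int sim_call(uintptr_t ret_addr, int local_words) {
    int ret_slot = --sp;
    stack_mem[ret_slot] = ret_addr; locked[ret_slot] = 1;
    sp -= local_words;
    return ret_slot;
}

/* Return: read the address, then unlock and pop (unlock-on-pop is assumed). */
static uintptr_t sim_ret(int ret_slot) {
    uintptr_t ret = stack_mem[ret_slot];
    locked[ret_slot] = 0; sp = ret_slot + 1;
    return ret;
}

/* Unchecked copy into a local buffer; stops at the first rejected store. */
static int copy_into_local(int buf_slot, const uintptr_t *src, int n) {
    int i = 0;
    while (i < n && guarded_store(buf_slot + i, src[i]) == 0) i++;
    return i;  /* words actually written */
}

/* Constructed input: 5 words aimed at a 4-word local buffer. */
int slop_demo(void) {
    const uintptr_t input[5] = {0x41, 0x41, 0x41, 0x41, 0x41};
    sp = STACK_WORDS; violations = 0; memset(locked, 0, sizeof locked);
    int ret_slot = sim_call(0x1000, 4);
    int written = copy_into_local(sp, input, 5);
    return written == 4 && violations == 1 && sim_ret(ret_slot) == 0x1000;
}

int main(void) { printf("return address intact: %d\n", slop_demo()); return 0; }
```

In this model the fifth word is the one that would have landed on the return address; the guard rejects it and counts one violation, and the function returns to the address that was originally pushed.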