Buffer overrun prevention through component composition analysis

Abstract

Buffer overrun vulnerabilities cause significant security problems, and have proven to be difficult to prevent. In this paper we present a novel approach to tackling the problem. Rather than concentrate on how to prevent the use of code containing buffer overrun vulnerabilities, we look at component composition techniques that can allow vulnerable code to be executed in a safe way within a composed application. We establish how this can be determined in an automated way using formal code analysis techniques and present results from the prototype system that we have developed for this purpose.