\documentclass[conference]{IEEEtran}
\IEEEoverridecommandlockouts{}
% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.
\usepackage{cite}
\usepackage{amsmath,amssymb,amsfonts}
\usepackage{algorithmic}
\usepackage{booktabs}
\usepackage{graphicx}
\usepackage{textcomp}
\usepackage{xcolor}
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}

%additional packages
%\usepackage[ngerman]{babel}
\usepackage[utf8]{inputenc}
\usepackage{hyperref}
\usepackage{url}

%% for abbreviations begin
\usepackage[acronym,hyperfirst = false]{glossaries}
\glsdisablehyper{}
%\usepackage[acronym,acronymlists={main, abbreviationlist},shortcuts,toc,description,footnote]{glossaries}
\newglossary[clg]{abbreviationlist}{cyi}{cyg}{List of Abbreviations}
\newglossary[slg]{symbolslist}{syi}{syg}{Symbols}
\renewcommand{\firstacronymfont}[1]{\emph{#1}}
\renewcommand*{\glspostdescription}{} % remove the period at the end of each description
\renewcommand*{\acrnameformat}[2]{#2 (\acronymfont{#1})} % long form of the acronyms
\makeglossaries{}
\date{\today}
\input{glossary}
%% for abbreviations end

\begin{document}

\title{Paper Title *TODO edit*}

\author{\IEEEauthorblockN{1\textsuperscript{st} Given Valentin Brandl}
\IEEEauthorblockA{\textit{Faculty of Computer Science and Mathematics} \\
\textit{OTH Regensburg}\\
Regensburg, Germany \\
valentin.brandl@st.oth-regensburg.de\\
MatrNr. 3220018}
}

\maketitle

\begin{abstract}
TODO
\end{abstract}

\begin{IEEEkeywords}
Buffer Overflow, Software Security
\end{IEEEkeywords}

\section{Motivation}\label{ref:motivation}

When the first programming languages were designed, memory had to be managed
manually to make the best use of slow hardware. This opened the door for many
kinds of programming errors. Memory can be deallocated more than once
(double-free), or the program can read or write outside the bounds of a buffer
(information leaks, buffer overflows).
Languages that are affected by this include C, C++ and Fortran. These languages
are still used in critical parts of the world's infrastructure, either because
they allow implementing highly performant programs, because they power legacy
systems, or for portability reasons. Scientists and software engineers have
proposed many solutions to this problem over the years, and this paper aims to
compare them and give an overview of them. Reading out of bounds can result in
an information leak and is less critical than a buffer overflow in most cases,
but there are exceptions, e.g.\ the Heartbleed bug in OpenSSL, which allowed
dumping secret keys from memory. Out-of-bounds writes are almost always critical
and result in code execution vulnerabilities or at least application crashes.

% Ever since the first programming languages were designed, security has been a
% concern of software developers. With more advanced programming languages, that
% did automatic memory management, some classes of errors were fixed. But
% languages with unsafe, manual memory management are still in use and power
% critical parts of the world's infrastructure.

\section{Sources}

\begin{itemize}
  \item RAD:\ A Compile-Time Solution to Buffer Overflow Attacks\cite{Rad2001}
    (might not protect against e.g.\ vtable overwrites, PLT address changes,
    \dots)
  \item Dependent types for low-level programming\cite{Dep2007}
  \item StackGuard: Automatic Adaptive Detection and Prevention of
    Buffer-Overflow Attacks\cite{Stackguard1998} (ineffective in combination
    with information leaks)
  \item Type-Assisted Dynamic Buffer Overflow Detection\cite{TypeAssisted2002}
\end{itemize}

\section{Main Part, TODO}\label{ref:main}
%TODO!!!!
\subsection{Background}\label{ref:background}

text

\subsection{Concept and Methods}\label{ref:concept}

\begin{itemize}
  \item Runtime bounds checks
  \item Prevent overwriting the return address
  \item Restricting language features to a secure subset
  \item Static analysis
  \item Dependent types (only allow indexing with values that are proven to be
    in bounds)
\end{itemize}

\subsection{Discussion}\label{ref:discussion}

text

\section{Conclusion and Outlook}\label{ref:conclusion}

text

\bibliographystyle{IEEEtran}
\bibliography{bibliography}

\end{document}
% vim: set filetype=tex ts=2 sw=2 tw=80 et spell :