\documentclass[conference]{IEEEtran}
\IEEEoverridecommandlockouts{}
% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.
\usepackage{cite}
\usepackage{amsmath,amssymb,amsfonts}
\usepackage{algorithmic}
\usepackage{booktabs}
\usepackage{graphicx}
\usepackage{textcomp}
\usepackage{xcolor}
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}

%additional packages
%\usepackage[ngerman]{babel}
\usepackage[utf8]{inputenc}
\usepackage{hyperref}
\usepackage{url}
%% for abbreviations begin
\usepackage[acronym,hyperfirst = false]{glossaries}
\glsdisablehyper{}
%\usepackage[acronym,acronymlists={main, abbreviationlist},shortcuts,toc,description,footnote]{glossaries}
\newglossary[clg]{abbreviationlist}{cyi}{cyg}{List of Abbreviations}
\newglossary[slg]{symbolslist}{syi}{syg}{Symbols}
\renewcommand{\firstacronymfont}[1]{\emph{#1}}
\renewcommand*{\glspostdescription}{} % remove the period at the end of each description
\renewcommand*{\acrnameformat}[2]{#2 (\acronymfont{#1})} % long form of the acronyms
\makeglossaries{}
\date{\today}
\input{glossary}
%% for abbreviations end


\begin{document}

\title{Paper Title *TODO edit*}

\author{\IEEEauthorblockN{1\textsuperscript{st} Given Valentin Brandl}
\IEEEauthorblockA{\textit{Faculty of Computer Science and Mathematics} \\
\textit{OTH Regensburg}\\
Regensburg, Germany \\
valentin.brandl@st.oth-regensburg.de\\
MatrNr. 3220018}
}

\maketitle

\begin{abstract}
TODO
\end{abstract}

\begin{IEEEkeywords}
Buffer Overflow, Software Security
\end{IEEEkeywords}


\section{Motivation}\label{ref:motivation}

When the first programming languages were designed, memory had to be managed
manually to make the best use of slow hardware. This opened the door to many
kinds of programming errors: memory can be deallocated more than once
(double-free), or the program can read or write outside the bounds of a buffer
(information leaks, buffer overflows). Languages affected by this include
C, C++ and Fortran. These languages are still used in critical parts of
the world's infrastructure, either because they allow implementing highly
performant programs, because they power legacy systems, or for portability
reasons. Scientists and software engineers have proposed many solutions to
this problem over the years, and this paper aims to compare them and give an
overview.

Reading out of bounds can result in an information leak and is less critical
than a buffer overflow in most cases, but there are exceptions, e.g.\ the
Heartbleed bug in OpenSSL, which allowed dumping secret keys from memory.
Out-of-bounds writes are almost always critical and result in code execution
vulnerabilities or at least application crashes.

% Ever since the first programming languages were designed, security has been a
% concern of software developers. With more advanced programming languages that
% did automatic memory management, some classes of errors were fixed. But
% languages with unsafe, manual memory management are still in use and power
% critical parts of the world's infrastructure.

\section{Sources}

\begin{itemize}

\item RAD:\ A Compile-Time Solution to Buffer Overflow Attacks\cite{Rad2001}
(might not protect against e.g.\ vtable overwrites, PLT address changes,
\dots)

\item Dependent types for low-level programming\cite{Dep2007}

\item StackGuard: Automatic Adaptive Detection and Prevention of
Buffer-Overflow Attacks\cite{Stackguard1998} (ineffective in combination
with information leaks)

\item Type-Assisted Dynamic Buffer Overflow Detection\cite{TypeAssisted2002}

\end{itemize}


\section{Main Part, TODO}\label{ref:main} %TODO!!!!

\subsection{Background}\label{ref:background}

text

\subsection{Concept and Methods}\label{ref:concept}

\begin{itemize}
\item Runtime bounds checks

\item Prevent overwriting the return address

\item Restricting language features to a secure subset

\item Static analysis

\item Dependent types (only allow indexing with values that are proven to be
in bounds)

\end{itemize}

\subsection{Discussion}\label{ref:discussion}

text

\section{Conclusion and Outlook}\label{ref:conclusion}

text


\bibliographystyle{IEEEtran}
\bibliography{bibliography}

\end{document}
% vim: set filetype=tex ts=2 sw=2 tw=80 et spell :