Graduation Year
2022
Document Type
Thesis
Degree
M.S.Cp.
Degree Name
MS in Computer Engineering (M.S.C.P.)
Degree Granting Department
Computer Science and Engineering
Major Professor
Jay Ligatti, Ph.D.
Committee Member
Mehran Mozaffari Kermani, Ph.D.
Committee Member
Yao Liu, Ph.D.
Keywords
Buffer Overflows, Computer Security, Format String Attacks
Abstract
Format string attacks, first noted in June 2000 [1], are a type of attack in which an adversary has control of the string argument (the format string) passed to a string format function (such as printf). Such control allows the attacker to read and write arbitrary program memory. To prevent these attacks, various methodologies have been proposed, each with its own costs and benefits. I present a novel solution to this problem through argument width counting, ensuring that such format functions cannot access stack memory beyond the space where arguments were placed. Additionally, I show how this approach can be expanded to all variadic functions, and demonstrate an implementation of this approach within a C compiler.
Scholar Commons Citation
Ward, Brennan, "Preventing Variadic Function Attacks Through Argument Width Counting" (2022). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/9828