ABOR: An Automatic Framework for Buffer Overflow Removal in C/C++ Programs

  • Sun Ding
  • Hee Beng Kuan Tan
  • Hongyu Zhang
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 227)


Buffer overflow is one of the commonly found, significant security vulnerabilities. It may occur if a program does not sufficiently prevent input from exceeding its intended size and accessing unintended memory locations. Researchers have put effort in different directions to address this vulnerability. However, authorized reports and data show that, as more sophisticated attack vectors are discovered, efforts in a single direction are not sufficient to resolve this critical issue well. In this paper, we characterize buffer overflow vulnerability in four patterns and propose ABOR, a framework to remove buffer overflow vulnerabilities from source code automatically. It patches only the identified code segments, which makes it an optimized solution that eliminates as many buffer overflows as possible while adding as little runtime overhead as possible. We have implemented the proposed approach and evaluated ABOR over a set of real-world C/C++ applications. The results prove ABOR's effectiveness in practice.


Buffer overflow · Static analysis · Automatic bug fixing · Security vulnerability



The authors thank Jiangsu Celestvision from China for assisting this study and providing their internal programs for our experiment.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore city, Singapore
  2. School of Software, Tsinghua University, Beijing, China
