Kimchi: A Binary Rewriting Defense Against Format String Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3786)

Abstract

We propose a binary rewriting system called Kimchi that modifies binary programs to protect them from format string attacks at run time. Kimchi replaces the machine code that calls the conventional printf with code that calls a safer version, safe_printf, which prevents the format string from accessing arguments beyond the stack frame of the calling function. With the proposed static analysis and binary rewriting method, it can protect binary programs even if they omit the frame pointer register or link the printf code statically. In addition, it reduces the performance overhead of the patched program by leaving unmodified those calls to printf whose format string argument resides in the read-only memory segment, since such calls are not vulnerable to format string attacks.
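As an added illustration (not code from the paper, and not Kimchi's safe_printf), the following bounded snprintf applies the idea in the abstract: it walks the format string to count how many argument slots the conversions would consume and refuses to format when that exceeds the argument storage the caller's frame provides. It assumes every conversion, and every `*` width or precision, takes one sizeof(long)-byte slot as on a stack-passing ABI, and it does not handle positional (`%1$d`) arguments.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes of variadic argument storage a format string would consume.
 * Assumption (not from the paper): every conversion, and every '*' width or
 * precision, pulls one sizeof(long)-byte slot, as on a stack-passing ABI.
 * Returns -1 for a malformed format (a '%' with no conversion character). */
long fmt_arg_bytes(const char *fmt)
{
    long bytes = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* "%%" prints a literal '%' */
            continue;
        while (*p && strchr("-+ #0", *p))   /* flags */
            p++;
        if (*p == '*') { bytes += sizeof(long); p++; }   /* width from args */
        while (*p >= '0' && *p <= '9')
            p++;
        if (*p == '.') {                    /* precision, maybe from args */
            p++;
            if (*p == '*') { bytes += sizeof(long); p++; }
            while (*p >= '0' && *p <= '9')
                p++;
        }
        while (*p && strchr("hlLqjzt", *p)) /* length modifiers */
            p++;
        if (*p == '\0')
            return -1;
        bytes += sizeof(long);              /* the conversion's own argument */
    }
    return bytes;
}

/* Bounded replacement for snprintf in the spirit of safe_printf: it refuses
 * (returns -1, writes nothing) when the conversions would read more argument
 * bytes than frame_bytes, the storage the caller's frame actually provides. */
int safe_snprintf_frame(char *buf, size_t n, size_t frame_bytes,
                        const char *fmt, ...)
{
    long need = fmt_arg_bytes(fmt);
    if (need < 0 || (size_t)need > frame_bytes)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}
```

A rewriting tool would supply frame_bytes from its static analysis of the caller; here it is passed explicitly so the check can be exercised directly.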




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

You, J.H., Seo, S.C., Kim, Y.D., Choi, J.Y., Lee, S.J., Kim, B.K. (2006). Kimchi: A Binary Rewriting Defense Against Format String Attacks. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_14

  • DOI: https://doi.org/10.1007/11604938_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31012-9

  • Online ISBN: 978-3-540-33153-7

  • eBook Packages: Computer Science (R0)
