• DocumentCode
    3366458
  • Title

    Automatic Patch Generation for Buffer Overflow Attacks

  • Author

    Smirnov, Alexey ; Chiueh, Tzi-cker

  • Author_Institution
    Stony Brook Univ., Stony Brook
  • fYear
    2007
  • fDate
    29-31 Aug. 2007
  • Firstpage
    165
  • Lastpage
    170
  • Abstract
    Control-hijacking attacks exploit vulnerabilities in network services to take control of them and eventually their underlying machines. Although much work has been done on detection and prevention of control-hijacking attacks, most of them did not address the problem of repairing the attacked network services so as to prevent the same attacks from recurring. Ideally, post-attack repair should consist of an attack signature generation component that creates a filtering rule for front-end firewall or intrusion prevention system to block the detected attack and its variants, and a patch generation component that creates a fix to permanently eliminate the vulnerabilities that the detected attack exploits. This paper describes the design, implementation and evaluation of a program transformation and execution trace analysis system called PASAN that can automatically instrument the source code of network service programs in such a way that it can detect control-hijacking attacks and automatically generate patches to seal the vulnerability being exploited by the detected attack. We have implemented the first PASAN prototype as a GNU C compiler extension that aims at stack-based buffer overflow attacks but could be easily generalized to accommodate other control-hijacking attacks. Testing this prototype with seven network daemon programs with known vulnerabilities shows that the automatically generated patches can successfully fix the vulnerability. In addition, these patches are similar in their structure to those that are manually created. The run-time performance overhead of application programs instrumented by PASAN is between 10% and 23%, except two programs, whose CPU consumption is low.
  • Keywords
    data structures; program compilers; program diagnostics; security of data; software maintenance; software reliability; GNU C compiler; attack signature generation component; automatic patch generation; control-hijacking attack; data structure; firewall; intrusion prevention system; network service program; post-attack repair; program execution trace analysis system; program transformation; stack-based buffer overflow attack; Automatic control; Automatic generation control; Automatic testing; Buffer overflow; Control systems; Filtering; Instruments; Intrusion detection; Prototypes; Seals;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2007. IAS 2007. Third International Symposium on
  • Conference_Location
    Manchester
  • Print_ISBN
    0-7695-2876-7
  • Electronic_ISBN
    978-0-7695-2876-2
  • Type

    conf

  • DOI
    10.1109/IAS.2007.87
  • Filename
    4299769