Check out the new USENIX Web site. next up previous
Next: Availability Up: StackGuard: Automatic Adaptive Detection Previous: Type-Safe Languages

Conclusions

 

We have presented StackGuard, a systematic compiler tool that prevents a broad class of buffer overflow security attacks from succeeding. We presented both security and performance analysis of the tool. Because the tool is oblivious to the specific attack and vulnerability being exploited, it is expected that this tool will also be able to stop buffer overflow attacks that have yet to be discovered, reducing the need for constant, rapid patching of software to stay secure.

In its most basic form, the tool requires only re-compilation to make a program largely secure against buffer overflow attacks. In more elaborate forms, it provides an adaptive response to buffer overflow attacks, allowing systems to be configured to trade performance for survivability. We concluded with discussion on how to generalize these techniques to other areas of security vulnerability.



Crispin Cowan
Tue Dec 9 16:04:30 PST 1997