New Year’s Resolution: No More Research in New Clothes for a Naked Emperor
This is the time of year when everyone makes new year’s resolutions. I’m proposing one for program chairs for security conferences: it’s time to “just say no” to yet another paper on how to control damage from buffer overflows and format string attacks. I’ve been attending security conferences for about 20 years, and for at least 10 of those there have been numerous papers about how buffer overflows and format string attacks happen, and how to stop them.
As examples, I offer the following from the recent ACSAC conference:
- “Automated Format String Attack Prevention for Win32/X86 Binaries”
- “The Age of Data: pinpointing guilty bytes in polymorphic buffer overflows on heap or stack”
If you look at any recent security research conference (such as USENIX Security), you’ll similarly find papers on the subject.
We know how to solve problems like this - strongly typed languages like Java and C# are nearly completely effective at preventing these types of attacks. So why are we continuing to invest our scarce research funding in problems like this?
Could you imagine a medical conference where 10% of the presentations were on ways to prevent smokers from getting lung cancer? I’m sure there’s research in figuring out why non-smokers get lung cancer (as well as treatment for the cancers of both smokers and non-smokers), but let’s put our research where it can do some good!
So as my small step, my pledge for 2008 is to reject any papers submitted to me (as a paper reviewer for conferences and magazines) that could be solved by simply using a type-safe language.
2 Comments:
I don't think it is that the languages you mention are strongly typed (C++ is strongly typed); it is that they are fully memory managed. Java and C# control how programmers deal with memory. Assuming the JVM or CLR works as designed, it prevents these types of memory management errors. Essentially it centralizes parts of the memory management code to better improve the chances of avoiding such errors.
The problem goes beyond simply buffer overflows. I wrote about the topic here: http://snipurl.com/1whpb (on the CERIAS blog)