Driving Home the Buffer Overflow Problem: A Training Module for Programmers and Managers

Author:
Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle
Date:
01 June 2002

Repeatedly, news headlines read: "Buffer overflow in vendor's product allows intruders to take over computer!" This widespread programming mistake is easy to make, exacerbated by the ubiquitous C language, and very simple to exploit. We describe a demonstration (a Java applet) appropriate for a traditional programming course to drive home key points: why buffer overflows occur, how overflows open the door to attackers, and why certain defense mechanisms should be used. The module is in its early stages of experimental use, with a formative evaluation to determine how well the module works and to identify opportunities for its improvement.
