RAD: A compile-time solution to buffer overflow attacks

T. Chiueh, F. H. Hsu

Research output: Contribution to conferencePaperpeer-review

185 Scopus citations


Buffer overflow attack can inflict upon almost arbitrary programs and is one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. This paper presents a compiler-based solution to the notorious buffer overflow attack problem. Using this solution, users can prevent attackers from compromising their systems by changing the return address to execute injected code, which is the most common method used in buffer overflow attacks. Return Address Defender (RAD) is a simple compiler patch that automatically creates a safe area to store a copy of return addresses and automatically adds protection code into applications that it compiles to defend programs against buffer overflow attacks. Using it to protect a program does not need to modify the source code of the protected programs. Moreover, RAD does not change the layout of stack frames, so binary code it generated is compatible with existing libraries and other object files. Empirical performance measurements on a fully operational RAD prototype show that programs protected by RAD only experience a factor of between 1.01 to 1.31 slow-down. In this paper we present the principle of buffer overflow attacks, a taxonomy of defense methods, the implementation details of RAD, and the performance analysis of the RAD prototype.

Original languageEnglish
Number of pages9
StatePublished - 2001
Event21st IEEE International Conference on Distributed Computing Systems - Mesa, AZ, United States
Duration: 16 Apr 200119 Apr 2001


Conference21st IEEE International Conference on Distributed Computing Systems
Country/TerritoryUnited States
CityMesa, AZ


Dive into the research topics of 'RAD: A compile-time solution to buffer overflow attacks'. Together they form a unique fingerprint.

Cite this