Stack Memory Buffer Overflow Protection based on Duplication and Randomization

With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing in an alarming rate. Vulnerabilities in the program's stack are commonly exploited by attackers in the form of stack-based attacks. In this paper,...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Procedia computer science Ročník 21; s. 250 - 256
Hlavní autoři: Alouneh, Sahel, Kharbutli, Mazen, AlQurem, Rana
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier B.V 2013
Témata:
Buffer overflow
Security
Stack-based protection
Security
Stack-based protection
Buffer overflow
ISSN:1877-0509, 1877-0509
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing in an alarming rate. Vulnerabilities in the program's stack are commonly exploited by attackers in the form of stack-based attacks. In this paper, a software based solution for stack-based vulnerabilities and attacks is proposed and implemented. The proposed solution involves creating a new patch tool that fixes a wide-range of stack related vulnerabilities in the existing applications. The basic idea of our approach is to implement a patch tool that makes multiple copies of the return addresses in the stack, and then randomizes the location of all copies in addition to their number. All duplicate copies are updated and checked in parallel such that any mismatch between any of these copies would indicate a possible attack attempt and would trigger an exception. The results of our implementation show high protection against integer overflow and buffer overflow attacks.
ISSN:1877-0509
1877-0509
DOI:10.1016/j.procs.2013.09.033