Stack Memory Buffer Overflow Protection based on Duplication and Randomization

With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing in an alarming rate. Vulnerabilities in the program's stack are commonly exploited by attackers in the form of stack-based attacks. In this paper,...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Procedia computer science Jg. 21; S. 250 - 256
Hauptverfasser: Alouneh, Sahel, Kharbutli, Mazen, AlQurem, Rana
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Elsevier B.V 2013
Schlagworte:
Buffer overflow
Security
Stack-based protection
Security
Stack-based protection
Buffer overflow
ISSN:1877-0509, 1877-0509
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing in an alarming rate. Vulnerabilities in the program's stack are commonly exploited by attackers in the form of stack-based attacks. In this paper, a software based solution for stack-based vulnerabilities and attacks is proposed and implemented. The proposed solution involves creating a new patch tool that fixes a wide-range of stack related vulnerabilities in the existing applications. The basic idea of our approach is to implement a patch tool that makes multiple copies of the return addresses in the stack, and then randomizes the location of all copies in addition to their number. All duplicate copies are updated and checked in parallel such that any mismatch between any of these copies would indicate a possible attack attempt and would trigger an exception. The results of our implementation show high protection against integer overflow and buffer overflow attacks.
ISSN:1877-0509
1877-0509
DOI:10.1016/j.procs.2013.09.033