Stack Memory Buffer Overflow Protection based on Duplication and Randomization

Bibliographic Details
Published in: Procedia computer science Vol. 21; pp. 250-256
Main Authors: Alouneh, Sahel; Kharbutli, Mazen; AlQurem, Rana
Format: Journal Article
Language: English
Published: Elsevier B.V 2013
ISSN: 1877-0509
Description
Summary: With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems are increasing at an alarming rate. Vulnerabilities in the program's stack are commonly exploited by attackers in the form of stack-based attacks. In this paper, a software-based solution for stack-based vulnerabilities and attacks is proposed and implemented. The proposed solution involves creating a new patch tool that fixes a wide range of stack-related vulnerabilities in existing applications. The basic idea of our approach is to implement a patch tool that makes multiple copies of the return addresses in the stack, and then randomizes the location of all copies in addition to their number. All duplicate copies are updated and checked in parallel such that any mismatch between any of these copies would indicate a possible attack attempt and would trigger an exception. The results of our implementation show high protection against integer overflow and buffer overflow attacks.
DOI: 10.1016/j.procs.2013.09.033