SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities
Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions proposed to provide adequate protection against buffer overflow attacks, most of existing solutions terminate the vulnerable program whe...
Uložené v:
| Vydané v: | IEEE transactions on dependable and secure computing Ročník 10; číslo 6; s. 368 - 379 |
|---|---|
| Hlavní autori: | , , , , , , |
| Médium: | Journal Article |
| Jazyk: | English |
| Vydavateľské údaje: |
Washington
IEEE
01.11.2013
IEEE Computer Society |
| Predmet: | |
| ISSN: | 1545-5971, 1941-0018 |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Abstract | Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions proposed to provide adequate protection against buffer overflow attacks, most of existing solutions terminate the vulnerable program when the buffer overflow occurs, effectively rendering the program unavailable. The impact on availability is a serious problem on service-oriented platforms. This paper presents SafeStack, a system that can automatically diagnose and patch stack-based buffer overflow vulnerabilities. The key technique of our solution is to virtualize memory accesses and move the vulnerable buffer into protected memory regions, which provides a fundamental and effective protection against recurrence of the same attack without stopping normal system execution. We developed a prototype on a Linux system, and conducted extensive experiments to evaluate the effectiveness and performance of the system using a range of applications. Our experimental results showed that SafeStack can quickly generate runtime patches to successfully handle the attack's recurrence. Furthermore, SafeStack only incurs acceptable overhead for the patched applications. |
|---|---|
| AbstractList | Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions proposed to provide adequate protection against buffer overflow attacks, most of existing solutions terminate the vulnerable program when the buffer overflow occurs, effectively rendering the program unavailable. The impact on availability is a serious problem on service-oriented platforms. This paper presents SafeStack, a system that can automatically diagnose and patch stack-based buffer overflow vulnerabilities. The key technique of our solution is to virtualize memory accesses and move the vulnerable buffer into protected memory regions, which provides a fundamental and effective protection against recurrence of the same attack without stopping normal system execution. We developed a prototype on a Linux system, and conducted extensive experiments to evaluate the effectiveness and performance of the system using a range of applications. Our experimental results showed that SafeStack can quickly generate runtime patches to successfully handle the attack's recurrence. Furthermore, SafeStack only incurs acceptable overhead for the patched applications. Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions proposed to provide adequate protection against buffer overflow attacks, most of existing solutions terminate the vulnerable program when the buffer overflow occurs, effectively rendering the program unavailable. The impact on availability is a serious problem on service-oriented platforms. This paper presents SafeStack, a system that can automatically diagnose and patch stack-based buffer overflow vulnerabilities. The key technique of our solution is to virtualize memory accesses and move the vulnerable buffer into protected memory regions, which provides a fundamental and effective protection against recurrence of the same attack without stopping normal system execution. We developed a prototype on a Linux system, and conducted extensive experiments to evaluate the effectiveness and performance of the system using a range of applications. Our experimental results showed that SafeStack can quickly generate runtime patches to successfully handle the attack's recurrence. Furthermore, SafeStack only incurs acceptable overhead for the patched applications. [PUBLICATION ABSTRACT] |
| Author | Hai Jin Weide Zheng Zhenkai Liang Bing Bing Zhou Deqing Zou Gang Chen Xuanhua Shi |
| Author_xml | – sequence: 1 givenname: Gang surname: Chen fullname: Chen, Gang – sequence: 2 givenname: Hai surname: Jin fullname: Jin, Hai – sequence: 3 givenname: Deqing surname: Zou fullname: Zou, Deqing – sequence: 4 givenname: Bing Bing surname: Zhou fullname: Zhou, Bing Bing – sequence: 5 givenname: Zhenkai surname: Liang fullname: Liang, Zhenkai – sequence: 6 givenname: Weide surname: Zheng fullname: Zheng, Weide – sequence: 7 givenname: Xuanhua surname: Shi fullname: Shi, Xuanhua |
| BookMark | eNp1kE1P4zAQhq0VSJSyt73tJRIXDqR4_JHG3Gj5lIpYqexeLScZLwY3AdsB9d9vSlcckDjNK80zo1fPPtlpuxYJ-QF0AkDVyf35cj5hFPiEyW9kBEpATimUO0OWQuZSTWGP7Mf4SCkTpRIjcrs0FpfJ1E-n2VmfupVJrjber7NfJtUPrv2bvW_zmYnYZLPeWgzZ3SsG67u37E_vWwymct4lh_GA7FrjI37_P8fk9-XF_fw6X9xd3czPFnnNoUi5qUpUUIFiTSlNyQ1DPsQGZEN5xZumQdoAKFoxVVKDVIAVtKTW1pwxyfmYHG3_PofupceY9MrFGr03LXZ91FBMQUw5l2pADz-hj10f2qGdBiHU0AFUMVBsS9WhizGg1bVLg4quTcE4r4HqjWG9Maw3hvVQY0yOPx09B7cyYf0V_nOLO0T8QAvJFJ0W_B8eXIZP |
| CODEN | ITDSCM |
| CitedBy_id | crossref_primary_10_1002_sec_849 crossref_primary_10_47164_ijngc_v12i4_310 crossref_primary_10_1051_itmconf_20160703004 crossref_primary_10_1109_ACCESS_2019_2901951 crossref_primary_10_1049_iet_sen_2014_0185 crossref_primary_10_1109_TPDS_2015_2430854 crossref_primary_10_3390_mi12121450 crossref_primary_10_1002_cpe_3190 crossref_primary_10_1145_3736729 crossref_primary_10_1007_s11859_014_1030_4 crossref_primary_10_3390_app12073584 crossref_primary_10_1016_j_scico_2025_103281 crossref_primary_10_1007_s11390_019_1955_3 crossref_primary_10_1016_j_jss_2023_111652 crossref_primary_10_1109_TIFS_2023_3299454 crossref_primary_10_1109_TCC_2018_2883063 crossref_primary_10_1109_ACCESS_2020_3036118 |
| Cites_doi | 10.1109/SP.2008.30 10.1007/11556992_1 10.1109/FTCS.1995.466961 10.1145/1065010.1065034 10.1145/1095810.1095824 10.1145/1055626.1055633 10.1109/ICDSC.2001.918971 10.1145/1102120.1102151 10.1007/978-3-540-73986-9_2 10.1145/1508244.1508250 10.1145/1095810.1095833 10.1145/1133981.1134000 10.1145/1519065.1519083 10.1109/MSP.2005.144 10.1109/MC.2004.71 10.1109/CLUSTER.2010.18 10.1145/1102120.1102150 10.1109/IAS.2007.87 |
| ContentType | Journal Article |
| Copyright | Copyright IEEE Computer Society Nov/Dec 2013 |
| Copyright_xml | – notice: Copyright IEEE Computer Society Nov/Dec 2013 |
| DBID | 97E RIA RIE AAYXX CITATION JQ2 7SC 7SP 8FD F28 FR3 L7M L~C L~D |
| DOI | 10.1109/TDSC.2013.25 |
| DatabaseName | IEEE Xplore (IEEE) IEEE All-Society Periodicals Package (ASPP) 1998-Present IEEE Electronic Library (IEL) CrossRef ProQuest Computer Science Collection Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ANTE: Abstracts in New Technology & Engineering Engineering Research Database Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef ProQuest Computer Science Collection Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts Computer and Information Systems Abstracts Engineering Research Database Advanced Technologies Database with Aerospace ANTE: Abstracts in New Technology & Engineering Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | ProQuest Computer Science Collection Technology Research Database |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 1941-0018 |
| EndPage | 379 |
| ExternalDocumentID | 3120484711 10_1109_TDSC_2013_25 6529076 |
| Genre | orig-research Feature |
| GroupedDBID | .4S .DC 0R~ 29I 4.4 5GY 5VS 6IK 7WY 8FE 8FG 8FL 8R4 8R5 97E AAJGR AARMG AASAJ AAWTH ABAZT ABJCF ABQJQ ABUWG ABVLG ACGFO ACIWK AENEX AETIX AFKRA AGQYO AGSQL AHBIQ AIBXA AKJIK AKQYR ALMA_UNASSIGNED_HOLDINGS ARAPS ARCSS ATWAV AZQEC BEFXN BENPR BEZIV BFFAM BGLVJ BGNUA BKEBE BPEOZ BPHCQ CCPQU CS3 DU5 DWQXO EBS EDO EJD FRNLG GNUQQ HCIFZ HZ~ IEDLZ IFIPE IPLJI ITG ITH JAVBF K60 K6V K6~ K7- L6V LAI M0C M43 M7S O9- OCL P2P P62 PHGZM PHGZT PQBIZ PQBZA PQGLB PQQKQ PROAC PTHSS PUEGO Q2X RIA RIE RNI RNS RZB AAYXX AFFHD CITATION JQ2 7SC 7SP 8FD F28 FR3 L7M L~C L~D |
| ID | FETCH-LOGICAL-c316t-ab8e91b192d85a83a2e32d8d15d03b3ddde0d1190b2980ae041f4080ffc322533 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 33 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000326835700004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1545-5971 |
| IngestDate | Wed Oct 01 10:44:40 EDT 2025 Fri Nov 07 01:46:34 EST 2025 Tue Nov 18 22:31:17 EST 2025 Sat Nov 29 08:09:59 EST 2025 Wed Aug 27 02:56:15 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Issue | 6 |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c316t-ab8e91b192d85a83a2e32d8d15d03b3ddde0d1190b2980ae041f4080ffc322533 |
| Notes | SourceType-Scholarly Journals-1 ObjectType-Feature-1 content type line 14 ObjectType-Article-1 ObjectType-Feature-2 content type line 23 |
| PQID | 1449192196 |
| PQPubID | 27603 |
| PageCount | 12 |
| ParticipantIDs | proquest_miscellaneous_1671473359 proquest_journals_1449192196 crossref_primary_10_1109_TDSC_2013_25 crossref_citationtrail_10_1109_TDSC_2013_25 ieee_primary_6529076 |
| PublicationCentury | 2000 |
| PublicationDate | 2013-11-01 |
| PublicationDateYYYYMMDD | 2013-11-01 |
| PublicationDate_xml | – month: 11 year: 2013 text: 2013-11-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationPlace | Washington |
| PublicationPlace_xml | – name: Washington |
| PublicationTitle | IEEE transactions on dependable and secure computing |
| PublicationTitleAbbrev | TDSC |
| PublicationYear | 2013 |
| Publisher | IEEE IEEE Computer Society |
| Publisher_xml | – name: IEEE – name: IEEE Computer Society |
| References | ref13 ref35 Ruwase (ref8) ref15 (ref5) 2012 ref14 Candea (ref23) Nicholls (ref3) 2013 ref17 ref16 ref38 ref19 ref18 (ref29) 2013 (ref30) 2013 Cowan (ref4) (ref26) 2013 (ref1) 2013 Bhatkar (ref11) Sidiroglou (ref41) ref24 (ref33) 2013 Keromytis (ref37) Rinard (ref34) ref20 ref42 ref22 ref21 ref43 (ref25) 2013 (ref28) 2013 (ref31) 2012 Baratloo (ref36) (ref10) 2013 (ref2) 2013 ref7 Prasad (ref6) Locasto (ref45) Bhatkar (ref12) Cowan (ref9) (ref32) 2013 ref40 Locasto (ref39) (ref27) 2013 Sidiroglou (ref44) |
| References_xml | – ident: ref35 doi: 10.1109/SP.2008.30 – start-page: 63 volume-title: Proc. Seventh Conf USENIX Security Symp. ident: ref4 article-title: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks – start-page: 219 volume-title: Proc. USENIX Annu. Technical Conf. ident: ref45 article-title: From STEM to SEAD: Speculative Execution for Automated Defense – volume-title: ProFTPD year: 2013 ident: ref30 article-title: A Highly Configurable GPL-Licensed FTP Server Software – volume-title: Hex-Rays year: 2013 ident: ref26 article-title: IDAPro Multi-Processor Disassembler and Debug-ger – start-page: 303 volume-title: Proc. Sixth Conf Symp. Operating Systems Design Implementation ident: ref34 article-title: Enhancing Server Availability and Security through Failure-Oblivious Computing – start-page: 95 volume-title: Proc. Internet Soc. Symp. Network Distributed Systems Security ident: ref39 article-title: Software Self-Healing Using Collaborative Application Communities – ident: ref43 doi: 10.1007/11556992_1 – start-page: 91 volume-title: Proc. 12th Conf USENIX Security Symp. ident: ref9 article-title: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities – ident: ref38 doi: 10.1109/FTCS.1995.466961 – ident: ref24 doi: 10.1145/1065010.1065034 – ident: ref40 doi: 10.1145/1095810.1095824 – ident: ref42 doi: 10.1145/1055626.1055633 – volume-title: LHTTPd Development Team year: 2013 ident: ref28 article-title: A Light HTTP Server and Content Management System – start-page: 251 volume-title: Proc. USENIX Annu. Technical Conf ident: ref36 article-title: Transparent Run-Time Defense against Stack Smashing Attacks – volume-title: Symantec year: 2013 ident: ref27 article-title: Thttpd Defang Remote Buffer Overflow Vulnerabil-ity – ident: ref7 doi: 10.1109/ICDSC.2001.918971 – volume-title: Symantec year: 2013 ident: ref29 article-title: Atphttpd Remote GET Request Buffer Overrun Vulnerability – ident: ref19 doi: 10.1145/1102120.1102151 – volume-title: Symantec year: 2013 ident: ref33 article-title: Prozilla Buffer Overflow Vulnerability – volume-title: Proc. Fourth Int’l Conf Math. Methods, Models Architectures Computer Networks Security ident: ref37 article-title: Characterizing Self-Healing Software Systems doi: 10.1007/978-3-540-73986-9_2 – ident: ref15 doi: 10.1145/1508244.1508250 – start-page: 159 volume-title: Proc. 11th Annu. Network Distributed System Security Symp. ident: ref8 article-title: A Practical Dynamic Buffer Overflow Detector – year: 2012 ident: ref5 article-title: A Stack Smashing Technique Protection Tool for Linux – ident: ref13 doi: 10.1145/1095810.1095833 – ident: ref22 doi: 10.1145/1133981.1134000 – year: 2013 ident: ref1 article-title: US-CERT Vulnerability Notes Database – ident: ref21 doi: 10.1145/1519065.1519083 – ident: ref14 doi: 10.1109/MSP.2005.144 – ident: ref18 doi: 10.1109/MC.2004.71 – volume-title: Symantec year: 2013 ident: ref32 article-title: Newspost Remote Buffer Overflow Vulnerability – volume-title: Icecast year: 2012 ident: ref31 article-title: A GPL Streaming Media Server – year: 2013 ident: ref3 article-title: Tutorial: SEH Based Exploits and the Development Process – start-page: 271 volume-title: Proc. 14th Conf USENIX Security Symp. ident: ref12 article-title: Efficient Techniques for Comprehensive Protection from Memory Error Exploits – year: 2013 ident: ref2 article-title: Internet Security Threat Report – start-page: 31 volume-title: Proc. Sixth Conf Symp. Operating Systems Design Implementation ident: ref23 article-title: Microreboot-A Technique for Cheap Recovery – start-page: 102 volume-title: Proc. Third Workshop Hot Topics System Dependability ident: ref44 article-title: Band-Aid Patching – ident: ref16 doi: 10.1109/CLUSTER.2010.18 – volume-title: Proc. 12th USENIX Security Symp. ident: ref11 article-title: Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits – volume-title: PaX Team year: 2013 ident: ref10 article-title: PaX – start-page: 149 volume-title: Proc. USENIX Annu. Technical Conf ident: ref41 article-title: Building a Reactive Immune System for Software Services – start-page: 211 volume-title: Proc. USENIX Annu. Technical Conf ident: ref6 article-title: A Binary Rewriting Defense against Stack Based Buffer Overflow Attacks – ident: ref17 doi: 10.1145/1102120.1102150 – ident: ref20 doi: 10.1109/IAS.2007.87 – year: 2013 ident: ref25 article-title: Libdasm: A Disassembly Library |
| SSID | ssj0024894 |
| Score | 2.203834 |
| Snippet | Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions... |
| SourceID | proquest crossref ieee |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 368 |
| SubjectTerms | Acceptability attack prevention Availability buffer overflow vulnerability diagnosis Buffers Computer information security Computer memory Computer security Computer viruses Cybersecurity Fault diagnosis Information storage Linux Mathematical models Patching Platforms Prototypes Rendering Software reliability Studies |
| Title | SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities |
| URI | https://ieeexplore.ieee.org/document/6529076 https://www.proquest.com/docview/1449192196 https://www.proquest.com/docview/1671473359 |
| Volume | 10 |
| WOSCitedRecordID | wos000326835700004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVIEE databaseName: IEEE Electronic Library (IEL) customDbUrl: eissn: 1941-0018 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0024894 issn: 1545-5971 databaseCode: RIE dateStart: 20040101 isFulltext: true titleUrlDefault: https://ieeexplore.ieee.org/ providerName: IEEE |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8QwEB508eDF9Ynriwh60mrTpE3qbX3hwcfCqngrbZOAWLayu1X8906y3SqoBy8lkKEtM5nkm2TyDcBenjpWJ-pR4yuPZwZ9Til88IhpNLjKtOOZvRa3t_LpKe7NwGFzF0Zr7ZLP9JFturN8VeaV3So7jsIAY7loFmaFiCZ3tb549aQremgRgYcgmTZJ7vHx_Xn_zCZxMVcQ-9vy4-qp_JiE3cpy2f7fPy3CQo0gSXdi8iWY0YNlaE-rM5DaWVfgpp8ajVgyfzkh3WpcOm7WtCg-SA-nX7vxRFyvd4oLmSKnla2UQu5waJuifCePVWEJqV3uLEbTq_BweXF_duXVxRO8nNFo7KWZ1DHNEMApGaaSpYFm2FQ0VD7LmMJpzVcU4UAWxNJPtc-p4QgfjcmtjzO2Bq1BOdDrQCzfD5cZYhmJ_i5yGQgttDK-4ZIrEXTgYKrTJK-ZxW2BiyJxEYYfJ9YCibVAEoQd2G-kXyeMGn_IrVhtNzK1ojuwNTVXUrvbCOMXHltitxi7d5tudBR7-pEOdFmhTCQoF4yF8cbvb96EefvpyUXDLWiNh5Xehrn8bfw8Gu640fYJp3bSkQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8QwEB58gV58i6urRtCT1m2atE29-URxXQVX8VbaJgGxbMXdKv57J9luFdSDlxLIUEImk3yTzHwDsJMlltWJOlS70uGpRpuTEj88YAoVLlNleWbbYacjHh-j2zHYr3NhlFI2-EwdmKZ9y5dFVpqrslbge-jLBeMw6XPuucNsrS9mPWHLHhpM4CBMpnWYe9Tqnt6dmDAuZktifzuAbEWVH9uwPVvO5_43qnmYrTAkORoqfQHGVG8R5kb1GUhlrktwfZdohWgyez4kR-WgsOysSZ5_kFvcgM3VE7G9zjEeZZIcl6ZWCrnBxa3z4p08lLmhpLbRs-hPL8P9-Vn35MKpyic4GaPBwElSoSKaIoSTwk8ESzzFsCmpL12WMokbmyspAoLUi4SbKJdTzRFAap0ZK2dsBSZ6RU-tAjGMP1ykiGYEWnyYCS9UoZLa1VxwGXoN2BvNaZxV3OKmxEUeWx_DjWKjgdhoIPb8BuzW0i9DTo0_5JbMbNcy1UQ3oDlSV1wZXB89GB4ZarcIu7frbjQV8_6R9FRRokwQUh4y5kdrv_95C6YvutftuH3ZuVqHGTOMYdphEyYGr6XagKnsbfDUf920K-8Tw1PV2A |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=SafeStack%3A+Automatically+Patching+Stack-Based+Buffer+Overflow+Vulnerabilities&rft.jtitle=IEEE+transactions+on+dependable+and+secure+computing&rft.au=Chen%2C+Gang&rft.au=Jin%2C+Hai&rft.au=Zou%2C+Deqing&rft.au=Zhou%2C+Bing+Bing&rft.date=2013-11-01&rft.pub=IEEE+Computer+Society&rft.issn=1545-5971&rft.eissn=1941-0018&rft.volume=10&rft.issue=6&rft.spage=368&rft_id=info:doi/10.1109%2FTDSC.2013.25&rft.externalDBID=NO_FULL_TEXT&rft.externalDocID=3120484711 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1545-5971&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1545-5971&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1545-5971&client=summon |