SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities

Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions proposed to provide adequate protection against buffer overflow attacks, most of existing solutions terminate the vulnerable program whe...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE transactions on dependable and secure computing Ročník 10; číslo 6; s. 368 - 379
Hlavní autoři: Chen, Gang, Jin, Hai, Zou, Deqing, Zhou, Bing Bing, Liang, Zhenkai, Zheng, Weide, Shi, Xuanhua
Médium: Journal Article
Jazyk:angličtina
Vydáno: Washington IEEE 01.11.2013
IEEE Computer Society
Témata:
Acceptability
attack prevention
Availability
buffer overflow vulnerability diagnosis
Buffers
Computer information security
Computer memory
Computer security
Computer viruses
Cybersecurity
Fault diagnosis
Information storage
Linux
Mathematical models
Patching
Platforms
Prototypes
Rendering
Software reliability
Studies
ISSN:1545-5971, 1941-0018
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although there are a number of solutions proposed to provide adequate protection against buffer overflow attacks, most of existing solutions terminate the vulnerable program when the buffer overflow occurs, effectively rendering the program unavailable. The impact on availability is a serious problem on service-oriented platforms. This paper presents SafeStack, a system that can automatically diagnose and patch stack-based buffer overflow vulnerabilities. The key technique of our solution is to virtualize memory accesses and move the vulnerable buffer into protected memory regions, which provides a fundamental and effective protection against recurrence of the same attack without stopping normal system execution. We developed a prototype on a Linux system, and conducted extensive experiments to evaluate the effectiveness and performance of the system using a range of applications. Our experimental results showed that SafeStack can quickly generate runtime patches to successfully handle the attack's recurrence. Furthermore, SafeStack only incurs acceptable overhead for the patched applications.
Bibliografie:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-1
ObjectType-Feature-2
content type line 23
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2013.25