Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems

We address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully...

Full description

Saved in:

Bibliographic Details
Published in:	Procedia computer science Vol. 83; pp. 1301 - 1306
Main Authors:	Leon, Erick, Bruda, Stefan D.
Format:	Journal Article
Language:	English
Published:	Elsevier B.V 2016
Subjects:	Buffer overflow GNU/Linux ptrace Stack ptrace Buffer overflow Stack GNU/Linux
ISSN:	1877-0509, 1877-0509
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

Abstract	We address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully detect and react whenever a stack buffer overflow occurs. Our solution requires no compile-time support and so can be applied to any program, including legacy or closed source software for which the source code is not available. This makes it especially useful in HPC environments where given their complexity and scope of the computing system, incidents like overflows might be difficult to detect and react to accordingly.
AbstractList	We address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully detect and react whenever a stack buffer overflow occurs. Our solution requires no compile-time support and so can be applied to any program, including legacy or closed source software for which the source code is not available. This makes it especially useful in HPC environments where given their complexity and scope of the computing system, incidents like overflows might be difficult to detect and react to accordingly.
Author	Leon, Erick Bruda, Stefan D.
Author_xml	– sequence: 1 givenname: Erick surname: Leon fullname: Leon, Erick – sequence: 2 givenname: Stefan D. surname: Bruda fullname: Bruda, Stefan D. email: stefan@bruda.ca
BookMark	eNqFkMFOAjEQhhuDiYg8gZe-wC7ttuy2Bw9KFE1QDsi5abstKUKXtF2Ut3cRD8aDzmXmP3yTme8S9HzjDQDXGOUY4XK0zneh0TEvupAjmhcVOgN9zKoqQ2PEez_mCzCMcY26IoxxXPXBy6RpfTIhezYytsFEKFfS-ZjgIkn9Bu9aa02A870JdtO8R-g8nL4sRzPn2w8435kgk_MruDjEZLbxCpxbuYlm-N0HYPlw_zp5zGbz6dPkdpZpQlnKrCzMuGa1ZtzSkiilSMEKrKjFWqmq4BWlGJNac0KxJbXSlCmFSz3mhBelJAPAT3t1aGIMxgrtUndJ41OQbiMwEkc3Yi2-3IijG4Go6Nx0LPnF7oLbynD4h7o5UaZ7a-9MEFE747WpXTA6ibpxf_Kff82B4w
CitedBy_id	crossref_primary_10_1016_j_iot_2019_100055 crossref_primary_10_1016_j_procs_2019_09_437
Cites_doi	10.1016/j.jpdc.2006.04.010 10.5220/0005097803690376
ContentType	Journal Article
Copyright	2016 The Authors
Copyright_xml	– notice: 2016 The Authors
DBID	6I. AAFTH AAYXX CITATION
DOI	10.1016/j.procs.2016.04.270
DatabaseName	ScienceDirect Open Access Titles Elsevier:ScienceDirect:Open Access CrossRef
DatabaseTitle	CrossRef
DatabaseTitleList
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science
EISSN	1877-0509
EndPage	1306
ExternalDocumentID	10_1016_j_procs_2016_04_270 S1877050916303039
GroupedDBID	--K 0R~ 0SF 1B1 457 5VS 6I. 71M AACTN AAEDT AAEDW AAFTH AAIKJ AALRI AAQFI AAXUO ABMAC ACGFS ADBBV ADEZE AEXQZ AFTJW AGHFR AITUG ALMA_UNASSIGNED_HOLDINGS AMRAJ E3Z EBS EJD EP3 FDB FNPLU HZ~ IXB KQ8 M41 M~E NCXOZ O-L O9- OK1 P2P RIG ROL SES SSZ 9DU AAYWO AAYXX ABWVN ACRPL ACVFH ADCNI ADNMO ADVLN AEUPX AFPUW AIGII AKBMS AKRWK AKYEP CITATION ~HD
ID	FETCH-LOGICAL-c348t-fa2e5d8dc89f463bbb32821b4f1cbb729744113dc9341f3dbc48bb16c593926a3
ISICitedReferencesCount	4
ISICitedReferencesURI	http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000387655000180&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN	1877-0509
IngestDate	Sat Nov 29 02:44:53 EST 2025 Tue Nov 18 22:17:37 EST 2025 Tue May 16 22:27:33 EDT 2023
IsDoiOpenAccess	true
IsOpenAccess	true
IsPeerReviewed	true
IsScholarly	true
Keywords	ptrace Buffer overflow Stack GNU/Linux
Language	English
License	http://creativecommons.org/licenses/by-nc-nd/4.0
LinkModel	OpenURL
MergedId	FETCHMERGED-LOGICAL-c348t-fa2e5d8dc89f463bbb32821b4f1cbb729744113dc9341f3dbc48bb16c593926a3
OpenAccessLink	https://dx.doi.org/10.1016/j.procs.2016.04.270
PageCount	6
ParticipantIDs	crossref_citationtrail_10_1016_j_procs_2016_04_270 crossref_primary_10_1016_j_procs_2016_04_270 elsevier_sciencedirect_doi_10_1016_j_procs_2016_04_270
PublicationCentury	2000
PublicationDate	2016 2016-00-00
PublicationDateYYYYMMDD	2016-01-01
PublicationDate_xml	– year: 2016 text: 2016
PublicationDecade	2010
PublicationTitle	Procedia computer science
PublicationYear	2016
Publisher	Elsevier B.V
Publisher_xml	– name: Elsevier B.V
References	Address Space Layout Randomization, (Mar.2003), https://pax.grsecurity.net/docs/aslr.txt, retrieved Feb. 2015. G. Duarte. Epilogues, Canaries, and Buffer Overflows, (Mar. 19 2014), http://duartes.org/gustavo/blog/post/epiloguescanaries-buffer-overflows/, retrieved Feb. 2015. Run-time Solutions to the Stack Overflow Problem, https://part.bruda.ca/papers/run-time_solutions_to_the_stack_overflow_problem. Shao, Xue, Zhuge, Sha (bib0055) Apr 2004; I J. Deckard, Defeating Overflow Attacks, GSEC Practical Assignment, Version 1.4b Option 1, SANS Institute InfoSec Reading Room (April. 14,2004),http://www.sans.org/readingroom/whitepapers/securecode/defeating-overflowattacks-1403. Leon (bib0085) May 2015 P. Roberts, At the Vulnerability Oscars, The Winner Is.. Buffer Overflow!!, https://www.veracode.com/blog/2013/02/at-thevulnerability-oscars-the-winner-is-buffer-overflow, retrieved April 2015. Dalton, Kannan, Kozyrakis (bib0040) Jul 2008 ptrace(2) – Linux man page, http://linux.die.net/man/2/ptrace, retrieved Feb. 2015. K. Piromsopa and R. J. Enbody, Secure Bit2: Transparent, Hardware Buffer-Overflow Protection, Michigan State University. Non-Executable Pages Design and Implementation, (May 2003), http://pax.grsecurity.net/docs/noexec.txt, retrievedFeb. 2015. Mr. Un1k0d3r RingZer0 Team, 64 Bits Linux Stack Buffer Overflow, http://www.exploitdb.com/wp-content/themes/exploit/docs/33698.pdf,retrieved Feb. 2015. Silberman, Johnson (bib0025) Jul 2004 Shao, Cao, Chan, Xue, -, Sha (bib0060) 2006; 66 Teissier and S. D. Bruda, Toward Preventing Stack Overflow Using Kernel Properties, in Proceedings of the 9th International Conference on Software Engineering and Applications (ICSOFT-EA, 2014), Vienna, Austria (August 2014), pp. 369-377. Chuang, Narayanasamy, Calder, Jhala (bib0030) 2007 Zhivich, Leek, Lippmann (bib0045) June 2005; 12 10.1016/j.procs.2016.04.270_bib0080 Dalton (10.1016/j.procs.2016.04.270_bib0040) 2008 Shao (10.1016/j.procs.2016.04.270_bib0055) 2004; I 10.1016/j.procs.2016.04.270_bib0015 Shao (10.1016/j.procs.2016.04.270_bib0060) 2006; 66 Zhivich (10.1016/j.procs.2016.04.270_bib0045) 2005; 12 10.1016/j.procs.2016.04.270_bib0035 10.1016/j.procs.2016.04.270_bib0005 Silberman (10.1016/j.procs.2016.04.270_bib0025) 2004 10.1016/j.procs.2016.04.270_bib0050 10.1016/j.procs.2016.04.270_bib0070 Leon (10.1016/j.procs.2016.04.270_bib0085) 2015 10.1016/j.procs.2016.04.270_bib0010 10.1016/j.procs.2016.04.270_bib0065 Chuang (10.1016/j.procs.2016.04.270_bib0030) 2007 10.1016/j.procs.2016.04.270_bib0020 10.1016/j.procs.2016.04.270_bib0075
References_xml	– reference: Non-Executable Pages Design and Implementation, (May 2003), http://pax.grsecurity.net/docs/noexec.txt, retrievedFeb. 2015. – volume: I start-page: 409 year: Apr 2004 end-page: 413 ident: bib0055 article-title: Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks, in Proceedings of the International Conference on Information Technology publication-title: Coding and Computing (ITCC 2004) – reference: J. Deckard, Defeating Overflow Attacks, GSEC Practical Assignment, Version 1.4b Option 1, SANS Institute InfoSec Reading Room (April. 14,2004),http://www.sans.org/readingroom/whitepapers/securecode/defeating-overflowattacks-1403. – start-page: 71 year: 2007 end-page: 86 ident: bib0030 article-title: Bounds Checking with Taint-Based Analysis, in Proceedings of the 2 nd International Conference on High Performance Embedded Architectures and Compilers (HiPEAC’07) publication-title: Ghent, Belgium (Jan. – reference: G. Duarte. Epilogues, Canaries, and Buffer Overflows, (Mar. 19 2014), http://duartes.org/gustavo/blog/post/epiloguescanaries-buffer-overflows/, retrieved Feb. 2015. – volume: 66 start-page: 1129 year: 2006 end-page: 1136 ident: bib0060 article-title: Hardware/Software Optimization for Array & Pointer Boundary Checking Against Buffer Overflow Attacks publication-title: Journal of Parallel and Distributed Computing – reference: Address Space Layout Randomization, (Mar.2003), https://pax.grsecurity.net/docs/aslr.txt, retrieved Feb. 2015. – reference: K. Piromsopa and R. J. Enbody, Secure Bit2: Transparent, Hardware Buffer-Overflow Protection, Michigan State University. – reference: Run-time Solutions to the Stack Overflow Problem, https://part.bruda.ca/papers/run-time_solutions_to_the_stack_overflow_problem. – year: May 2015 ident: bib0085 article-title: The “ptrace” Solution to Stack Integrity Attacks in GNU/Linux Systems publication-title: M. Sc.Thesis, Bishop's University, Sherbrooke, Quebec,Canada – year: Jul 2004 ident: bib0025 article-title: A Comparison of Buffer Overflow Prevention Implementations and Weaknesses, presentation at Black Hat USA, Caesar's Palace, Las Vegas publication-title: NV, USA. – reference: P. Roberts, At the Vulnerability Oscars, The Winner Is.. Buffer Overflow!!, https://www.veracode.com/blog/2013/02/at-thevulnerability-oscars-the-winner-is-buffer-overflow, retrieved April 2015. – year: Jul 2008 ident: bib0040 article-title: Real-World Buffer Overflow Protection for Userspace & Kernelspace, in Proceedins of the 17 th USENIX Security Symposium (USENIX Security’08), San Jose publication-title: California, USA. – reference: ptrace(2) – Linux man page, http://linux.die.net/man/2/ptrace, retrieved Feb. 2015. – volume: 12 year: June 2005 ident: bib0045 article-title: Dynamic Buffer Overflow Detection, in Proceedings of the 2005 Workshop on the Evaluation of Software Defect Detection Tools, Chicago publication-title: IL, USA – reference: Teissier and S. D. Bruda, Toward Preventing Stack Overflow Using Kernel Properties, in Proceedings of the 9th International Conference on Software Engineering and Applications (ICSOFT-EA, 2014), Vienna, Austria (August 2014), pp. 369-377. – reference: Mr. Un1k0d3r RingZer0 Team, 64 Bits Linux Stack Buffer Overflow, http://www.exploitdb.com/wp-content/themes/exploit/docs/33698.pdf,retrieved Feb. 2015. – ident: 10.1016/j.procs.2016.04.270_bib0015 – volume: 66 start-page: 1129 issue: 9 year: 2006 ident: 10.1016/j.procs.2016.04.270_bib0060 article-title: Hardware/Software Optimization for Array & Pointer Boundary Checking Against Buffer Overflow Attacks publication-title: Journal of Parallel and Distributed Computing doi: 10.1016/j.jpdc.2006.04.010 – volume: 12 year: 2005 ident: 10.1016/j.procs.2016.04.270_bib0045 article-title: Dynamic Buffer Overflow Detection, in Proceedings of the 2005 Workshop on the Evaluation of Software Defect Detection Tools, Chicago publication-title: IL, USA – ident: 10.1016/j.procs.2016.04.270_bib0020 – ident: 10.1016/j.procs.2016.04.270_bib0010 – ident: 10.1016/j.procs.2016.04.270_bib0070 – ident: 10.1016/j.procs.2016.04.270_bib0035 – start-page: 71 year: 2007 ident: 10.1016/j.procs.2016.04.270_bib0030 article-title: Bounds Checking with Taint-Based Analysis, in Proceedings of the 2 nd International Conference on High Performance Embedded Architectures and Compilers (HiPEAC’07) publication-title: Ghent, Belgium (Jan. – year: 2008 ident: 10.1016/j.procs.2016.04.270_bib0040 article-title: Real-World Buffer Overflow Protection for Userspace & Kernelspace, in Proceedins of the 17 th USENIX Security Symposium (USENIX Security’08), San Jose publication-title: California, USA. – ident: 10.1016/j.procs.2016.04.270_bib0075 – ident: 10.1016/j.procs.2016.04.270_bib0065 doi: 10.5220/0005097803690376 – ident: 10.1016/j.procs.2016.04.270_bib0050 – ident: 10.1016/j.procs.2016.04.270_bib0005 – volume: I start-page: 409 year: 2004 ident: 10.1016/j.procs.2016.04.270_bib0055 article-title: Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks, in Proceedings of the International Conference on Information Technology publication-title: Coding and Computing (ITCC 2004) – year: 2004 ident: 10.1016/j.procs.2016.04.270_bib0025 article-title: A Comparison of Buffer Overflow Prevention Implementations and Weaknesses, presentation at Black Hat USA, Caesar's Palace, Las Vegas publication-title: NV, USA. – ident: 10.1016/j.procs.2016.04.270_bib0080 – year: 2015 ident: 10.1016/j.procs.2016.04.270_bib0085 article-title: The “ptrace” Solution to Stack Integrity Attacks in GNU/Linux Systems publication-title: M. Sc.Thesis, Bishop's University, Sherbrooke, Quebec,Canada
SSID	ssj0000388917
Score	2.0450923
Snippet	We address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The...
SourceID	crossref elsevier
SourceType	Enrichment Source Index Database Publisher
StartPage	1301
SubjectTerms	Buffer overflow GNU/Linux ptrace Stack
Title	Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems
URI	https://dx.doi.org/10.1016/j.procs.2016.04.270
Volume	83
WOSCitedRecordID	wos000387655000180&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
journalDatabaseRights	– providerCode: PRVHPJ databaseName: ROAD: Directory of Open Access Scholarly Resources customDbUrl: eissn: 1877-0509 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0000388917 issn: 1877-0509 databaseCode: M~E dateStart: 20100101 isFulltext: true titleUrlDefault: https://road.issn.org providerName: ISSN International Centre
link	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1JT9wwFLbaaQ9cuoJKF-RDb2nKOIuXYxeghzL0ABW3KHZiNIDCaJYyJ35737OdkNLRqBx6iRJr4kz8vrzFeu97hLzPdAmBVa1jVlVlnCnJ8ZMaxrk1XOYiFcyVj_38LkYjeXqqfoQ83ZlrJyCaRi6XavJfRQ1jIGwsnb2HuLtJYQDOQehwBLHD8Z8Ej1XmsFjxod_9m0XlGUT_szn6leYi-rzAjijREbyXvby6dumwB6MTeB6EpYtldDRBmmXH090jMw_uqysrAES5THRsBhEFC3qb1xN6g3Rs-y7UX1RlSCmzoE--fuzvNfgiyKAYpRAxcsV4u7FiLGhTmfbUIRhI1jOtcMlXqm2_g3CORsMghzrjyD-b-JYif5Jk3zFeXUphm612XrhJCpykGGYFTPKQPEpErjDh7_DmdgcOeXCUa8ncvUhLS-USAP_6M6tdl547cvyMPAlxBP3k5f-cPKibF-Rp26ODBpX9kozuwoEGOFAHB-rhQDs40HFDAQ67Dgy0AwMNYNgkJ_t7x1--xaGHRmzSTM5jWyZ1XsnKSGUznmqtUwiymc4sM1pDZCXAH2ZpZRS4MzattMmk1oybXIHnzMt0iwyaq6Z-RagFx2Voh1Zh8YeRpiwhFK5EntSSM1Mn2yRpl6cwgWAe-5xcFmtks00-dDdNPL_K-p_zdt2LAHDv-hUApXU3vr7fc96QDbzye21vyWA-XdTvyGPzaz6eTXccjn4DVe6HnA
linkProvider	ISSN International Centre
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Counter-Measures+against+Stack+Buffer+Overflows+in+GNU%2FLinux+Operating+Systems&rft.jtitle=Procedia+computer+science&rft.au=Leon%2C+Erick&rft.au=Bruda%2C+Stefan+D.&rft.date=2016&rft.issn=1877-0509&rft.eissn=1877-0509&rft.volume=83&rft.spage=1301&rft.epage=1306&rft_id=info:doi/10.1016%2Fj.procs.2016.04.270&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_procs_2016_04_270
thumbnail_l	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1877-0509&client=summon
thumbnail_m	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1877-0509&client=summon
thumbnail_s	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1877-0509&client=summon