StackOFFence: a technique for defending against buffer overflow attacks

Software coding practices, in the interest of efficiency, often ignore to enforce strict bound checking on buffers, arrays and pointers. This results in software code that is more vulnerable to security intrusions exploiting buffer overflow vulnerabilities. Unfortunately, such attacks form the most...

Full description

Saved in:
Bibliographic Details
Published in:ITCC 2005 : International Conference on Information Technology: Coding and Computing : proceedings : 4-6 April, 2005, Las Vegas, Nevada Vol. 1; pp. 656 - 661 Vol. 1
Main Authors: Madan, B.B., Phoha, S., Trivedi, K.S.
Format: Conference Proceeding
Language:English
Published: IEEE 2005
Subjects:
Algorithms
Buffer overflow
Computer security
Cryptography
Educational institutions
Information security
Information systems
Internet
NIST
Surveillance
ISBN:0769523153, 9780769523156
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Software coding practices, in the interest of efficiency, often ignore to enforce strict bound checking on buffers, arrays and pointers. This results in software code that is more vulnerable to security intrusions exploiting buffer overflow vulnerabilities. Unfortunately, such attacks form the most common type of security threats to the computer and information systems, making it imperative to find efficient solutions for the buffer overflow vulnerabilities. Typically, an attacker is able to affect a successful intrusion by causing buffer overflow in the stack frame of a function call, thereby causing the valid return address to get overwritten by a malicious value. This allows the attacker to redirect the return from a function call to a malicious piece of code introduced by the attacker. Depending on the nature of the malicious code, the attacker is able to compromise availability, integrity, or confidentiality of a system. Researchers have suggested transforming the return address or even using an entirely separate stack for managing the return addresses. This paper describes a simple technique that ensures the integrity of the return address by pushing on the stack two copies of the return address, a transformed (or encrypted) return address value along with the original one. Before popping the return address, two return address values are compared to detect any malicious activity, thus preventing the exploitation of the stack based buffer overflow vulnerabilities. The proposed modification may be implemented at the CPU architecture level or by simple modification to the compiler's prologue and epilogue code.
ISBN:0769523153
9780769523156
DOI:10.1109/ITCC.2005.260