To Detect Stack Buffer Overflow with Polymorphic Canaries

Stack Smashing Protection (SSP) is a simple and highly efficient technique widely used in practice as the front line defense against stack buffer overflow attacks. Unfortunately, SSP is known to be vulnerable to the so-called byte-by-byte attack. Although several remedy schemes are proposed in the r...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Proceedings - International Conference on Dependable Systems and Networks s. 243 - 254
Hlavní autoři: Wang, Zhilong, Ding, Xuhua, Pang, Chengbin, Guo, Jian, Zhu, Jun, Mao, Bing
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.06.2018
Témata:
brute force attack
canary
Force
Instruction sets
Instruments
Runtime
Security
Stack buffer overflow
ISSN:2158-3927
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Stack Smashing Protection (SSP) is a simple and highly efficient technique widely used in practice as the front line defense against stack buffer overflow attacks. Unfortunately, SSP is known to be vulnerable to the so-called byte-by-byte attack. Although several remedy schemes are proposed in the recent literature, their security is achieved at the price of practicality, because their complex logics ruin SSP's simplicity and high-efficiency. In this paper, we present an elegant solution named as Polymorphic SSP (P-SSP) that attains the same security without sacrificing SSP's strengths. We also propose three extensions of the basic scheme for better compatibility, stronger security, and local variable protection, respectively. We have implemented both a compiler plugin and a binary instrumentation tool for deploying P-SSP. Their respective runtime overheads are only 0.24% and 1.01%. We have also experimented with our extensions and compared their pros and cons with the basic scheme.
ISSN:2158-3927
DOI:10.1109/DSN.2018.00035