To Detect Stack Buffer Overflow with Polymorphic Canaries

Stack Smashing Protection (SSP) is a simple and highly efficient technique widely used in practice as the front line defense against stack buffer overflow attacks. Unfortunately, SSP is known to be vulnerable to the so-called byte-by-byte attack. Although several remedy schemes are proposed in the r...

Full description

Saved in:
Bibliographic Details
Published in:Proceedings - International Conference on Dependable Systems and Networks pp. 243 - 254
Main Authors: Wang, Zhilong, Ding, Xuhua, Pang, Chengbin, Guo, Jian, Zhu, Jun, Mao, Bing
Format: Conference Proceeding
Language:English
Published: IEEE 01.06.2018
Subjects:
brute force attack
canary
Force
Instruction sets
Instruments
Runtime
Security
Stack buffer overflow
ISSN:2158-3927
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Stack Smashing Protection (SSP) is a simple and highly efficient technique widely used in practice as the front line defense against stack buffer overflow attacks. Unfortunately, SSP is known to be vulnerable to the so-called byte-by-byte attack. Although several remedy schemes are proposed in the recent literature, their security is achieved at the price of practicality, because their complex logics ruin SSP's simplicity and high-efficiency. In this paper, we present an elegant solution named as Polymorphic SSP (P-SSP) that attains the same security without sacrificing SSP's strengths. We also propose three extensions of the basic scheme for better compatibility, stronger security, and local variable protection, respectively. We have implemented both a compiler plugin and a binary instrumentation tool for deploying P-SSP. Their respective runtime overheads are only 0.24% and 1.01%. We have also experimented with our extensions and compared their pros and cons with the basic scheme.
ISSN:2158-3927
DOI:10.1109/DSN.2018.00035