STACKFENCES: A Run-Time Approach for Detecting Stack Overflows
نویسنده
چکیده
This paper describes StackFences, a run-time technique for detecting overflows in local variables in C programs. This technique is different from all others developed so far because it tries to detect explicit overflow occurrences, instead of detecting if a particular stack value, namely a return address, was corrupted because of a stack overflow. Thus, StackFences is useful not only for detecting intrusion attempts but also for checking the run-time robustness of applications. We also conceived different policies for deploying StackFences, allowing a proper balancing between detection accuracy and performance. Effectiveness tests confirmed that all overflows in local variables are detected before causing any severe damage. Performance tests ran with several tools and parameters showed an acceptable performance degradation.
منابع مشابه
An Approach to Stack Overflow Counter-measures Using Kernel Properties
The computer security became recently a subject of general concern for the main public, for governments, and for private companies alike. Indeed, the latest news involving stuxnet, flame, and so many other viruses made clear to everybody that privilege escalation and security threats in general deserve a greater attention. The range of buffer overflow exploitations in particular is large, rangi...
متن کاملHeapShield: Library-Based Heap Overflow Protection for Free
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both a security vulnerability and a frequent source of bugs. Previous approaches to preventing these overflows require source code or can slow programs down by a factor of two or more. We present HeapShield, an approach that prevents all library-based heap overflows at runtime. It works with arbitrary...
متن کاملCompile-time stack requirements analysis with GCC
Stack overflows are a major threat to many computer applications and run-time recovery techniques are not always available or appropriate. In such situations, it is of utmost value to prevent overflows from occurring in the first place, which requires evaluating the worst case stack space requirements of an application prior to operational execution time. More generally, as run-time stack areas...
متن کاملRun-time Detection of Heap-based Overflows
Buffer overflows belong to the most common class of attacks on today’s Internet. Although stack-based variants are still by far more frequent and well-understood, heap-based overflows have recently gained more attention. Several real-world exploits have been published that corrupt heap management information and allow arbitrary code execution with the privileges of the victim process. This pape...
متن کاملSCADS - Separated Control- and Data-Stacks
Despite the fact that protection mechanisms like StackGuard, ASLR and NX are widespread, the development on new defense strategies against stack-based buffer overflows has not yet come to an end. In this paper, we present a compiler-level protection called SCADS: Separated Controland Data-Stacks. In our approach, we protect return addresses and saved frame pointers on a separate stack, called t...
متن کامل