Transparent Run - Time Defense

Stack Smashing Attacks Arash Baratloo and Navjot Singh farash,[email protected] Bell Labs Research, Lucent Technologies 600 Mountain Ave Murray Hill, NJ 07974 USA Timothy Tsai [email protected] Reliable Software Technologies 21351 Ridgetop Circle, Suite 400 Dulles, VA 20166 USA Abstract The exploitation of bu er over ow vulnerabilities in process stacks constitutes a signi cant portion of security attacks. We present two new methods to detect and handle such attacks. In contrast to previous work, the new methods work with any existing pre-compiled executable and can be used transparently per-process as well as on a system-wide basis. The rst method intercepts all calls to library functions known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any bu er over ows are contained within the current stack frame. The second method uses binary modi cation of the process memory to force veri cation of critical elements of stacks before use. We have implemented both methods on Linux as dynamically loadable libraries and shown that both libraries detect several known attacks. The performance overhead of these libraries range from negligible to 15%.