Defense against Stack-Based Attacks Using Speculative Stack Layout Transformation

  • Benjamin D. Rodes
  • Anh Nguyen-Tuong
  • Jason D. Hiser
  • John C. Knight
  • Michele Co
  • Jack W. Davidson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7687)

Abstract

This paper describes a novel technique to defend binaries against intra-frame stack-based attacks, including overflows into local variables, when source code is unavailable. The technique infers a specification of a function’s stack layout, i.e., variable locations and boundaries, and then seeks to apply a combination of transformations, including variable reordering, random-sized padding between variables, and placement of canaries. To overcome the imprecision of static binary analysis, yet be as aggressive as possible in the transformations applied to the stack layout, the technique is speculative. A stack frame is aggressively transformed based on static analysis, and the validity of the inferred stack layout is assessed through regression testing. If a transformation changes a program’s semantics because of imprecision in the inference of the stack layout, a less aggressive layout is inferred until the transformed program passes the supplied regression tests. We present an overview of the technique and preliminary results of its feasibility and security effectiveness.
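The speculative loop described in the abstract, sketched as an added Python example on a toy byte-array model of one stack frame; it is not the authors' implementation. The frame layouts, the `run` function, the inputs and the canary value are all constructed assumptions.

```python
import random

CANARY = 0xA5  # constructed canary byte

def transform(layout, rng):
    """Reorder variables, add random-sized padding, place a canary byte after each."""
    slots, canaries, off = {}, [], 0
    for name, _start, size in rng.sample(layout, len(layout)):
        off += rng.randrange(1, 9)       # random-sized padding
        slots[name] = off
        canaries.append(off + size)      # canary directly above the variable
        off += size + 1
    return slots, canaries

def run(layout, slots, canaries, data):
    """Constructed function: unchecked copy to frame offset 0, then reads of offsets
    8 and 16. Only the static base of an access is remapped; the index is added after."""
    mem = bytearray(256)                 # frame plus slack for the rest of the stack
    for c in canaries:
        mem[c] = CANARY
    def addr(base, idx=0):
        for name, start, size in layout:
            if start <= base < start + size:
                return slots[name] + (base - start) + idx
        raise ValueError(f"offset {base} not in inferred layout")
    for i, b in enumerate(data):
        mem[addr(0, i)] = b
    out = (mem[addr(8)], mem[addr(16)])
    return out, all(mem[c] == CANARY for c in canaries)

def speculate(hypotheses, tests, seed=0):
    """Try layouts from most to least aggressive; return the first passing all tests."""
    rng = random.Random(seed)
    for layout in hypotheses:
        slots, canaries = transform(layout, rng)
        if all(run(layout, slots, canaries, d) == (want, True) for d, want in tests):
            return layout, slots, canaries

# Constructed hypotheses: a direct access at offset 8 made the analysis guess a boundary there.
AGGRESSIVE = [("v0", 0, 8), ("v8", 8, 8), ("v16", 16, 4)]
CONSERVATIVE = [("buf", 0, 16), ("flag", 16, 4)]
TESTS = [(bytes(range(1, 13)), (9, 0))]      # 12-byte in-bounds input: buf[8] == 9, flag == 0
OVERFLOW = bytes(16) + b"\x01\x00\x00\x00"   # 20 bytes, 4 past the 16-byte buffer

def demo():
    """Returns (accepted layout, untransformed result, transformed result) for OVERFLOW."""
    before = run(CONSERVATIVE, {n: s for n, s, _ in CONSERVATIVE}, [], OVERFLOW)
    layout, slots, canaries = speculate([AGGRESSIVE, CONSERVATIVE], TESTS)
    return layout, before, run(layout, slots, canaries, OVERFLOW)
```

The over-split layout fails the regression test because the in-bounds copy crosses the wrongly inferred boundary, so the coarser layout is accepted. Under the accepted layout, the oversized input trips the buffer's canary instead of silently setting the adjacent flag.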

Keywords

artificial diversity; stack layout transformation; run-time verification; buffer overflow; non-control-data attacks; security attacks

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Benjamin D. Rodes (1)
  • Anh Nguyen-Tuong (1)
  • Jason D. Hiser (1)
  • John C. Knight (1)
  • Michele Co (1)
  • Jack W. Davidson (1)

  1. Department of Computer Science, University of Virginia, Charlottesville, USA
