StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries
Author(s) -
Xi Chen,
Asia Slowinska,
Dennis Andriesse,
Herbert Bos,
Cristiano Giuffrida
Publication year - 2015
Publication title -
CiteSeerX (The Pennsylvania State University)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.14722/ndss.2015.23248
Subject(s) - Spec#, computer science, x86, call stack, stack (abstract data type), overhead (engineering), predictability, operating system, memory protection, rewriting, embedded system, memory management, extended memory, programming language, overlay, software, physics, quantum mechanics
StackArmor is a comprehensive protection technique for stack-based memory error vulnerabilities in binaries. It relies on binary analysis and rewriting strategies to drastically reduce the uniquely high spatial and temporal memory predictability of traditional call stack organizations. Unlike prior solutions, StackArmor can protect against arbitrary stack-based attacks, requires no access to the source code, and offers a policy-driven protection strategy that allows end users to tune the security-performance tradeoff according to their needs. We present an implementation of StackArmor for x86-64 Linux and provide a detailed experimental analysis of our prototype on popular server programs and standard benchmarks (SPEC CPU2006). Our results demonstrate that StackArmor offers better security than prior binary- and source-level approaches, at the cost of only modest performance and memory overhead even with full protection.
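To make concrete what the abstract calls the "uniquely high spatial and temporal memory predictability" of a traditional call stack, the following C program is an added example: it is not StackArmor's code and implements no defence, it only measures the two invariants the paper sets out to break. It assumes x86-64 Linux (downward-growing stack) and a GCC- or Clang-compatible compiler for the noinline attribute; the names MAX_DEPTH, record_frame_addrs, constant_frame_delta, spatial_delta and temporal_reuse are chosen here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not StackArmor's code. Two properties of a conventional
 * stack are measured:
 * 1. Spatial predictability: equal-sized frames of one function sit at a
 *    constant distance, so knowing one frame's position reveals every other
 *    frame's position. ASLR shifts the whole stack but not the deltas.
 * 2. Temporal predictability: a call made from the same point at the same
 *    depth reuses exactly the same addresses, so stale data from an earlier
 *    frame sits where a later frame's objects land. */

#define MAX_DEPTH 8   /* hypothetical recursion depth for the measurement */

/* Recurse MAX_DEPTH times, recording the address of a local in each frame. */
__attribute__((noinline))
static void record_frame_addrs(uintptr_t *out, int depth)
{
    volatile unsigned char marker[64];    /* a typical fixed-size stack buffer */
    marker[0] = (unsigned char)depth;
    out[depth] = (uintptr_t)&marker[0];
    if (depth + 1 < MAX_DEPTH)
        record_frame_addrs(out, depth + 1);
    marker[1] = marker[0];                /* keeps the frame live after the call, so no tail call */
}

/* Returns the constant frame-to-frame distance in bytes (signed, so the
 * stack growth direction is visible), or 0 if the distance varies. */
intptr_t constant_frame_delta(const uintptr_t *addrs, int n)
{
    if (n < 2)
        return 0;
    intptr_t delta = (intptr_t)(addrs[0] - addrs[1]);
    for (int i = 1; i + 1 < n; i++)
        if ((intptr_t)(addrs[i] - addrs[i + 1]) != delta)
            return 0;
    return delta;
}

/* Spatial check: do equal frames sit at a fixed distance? */
intptr_t spatial_delta(void)
{
    uintptr_t addrs[MAX_DEPTH];
    record_frame_addrs(addrs, 0);
    return constant_frame_delta(addrs, MAX_DEPTH);
}

/* Temporal check: does a second identical call land on the same addresses?
 * Returns 1 if every frame of the second run reused the first run's address. */
int temporal_reuse(void)
{
    uintptr_t first[MAX_DEPTH], second[MAX_DEPTH];
    record_frame_addrs(first, 0);
    record_frame_addrs(second, 0);
    for (int i = 0; i < MAX_DEPTH; i++)
        if (first[i] != second[i])
            return 0;
    return 1;
}

int main(void)
{
    intptr_t delta = spatial_delta();
    printf("frame-to-frame distance: %ld bytes (%s)\n",
           (long)delta, delta ? "constant across frames" : "varies");
    printf("repeat call reuses the same addresses: %s\n",
           temporal_reuse() ? "yes" : "no");
    return 0;
}
```

Build with `gcc -O2` and run it twice under ASLR: the absolute addresses differ between runs, but the frame-to-frame distance stays constant and the repeated call reuses the same slots. Those two invariants, a fixed relative layout and deterministic reuse of addresses, are what the binary rewriting described above is designed to remove, so that neither the offset from a buffer to a neighbouring frame nor the contents left behind in a previously used slot can be relied on by an attacker.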
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom