
Performance Optimizations


Section 4.2.2 mentions that a light-weight trap to kernel mode can reduce the overhead of the MemGuard mechanism. However, it is also possible for the compiler to optimize StackGuard performance, both for the MemGuard and Canary variants.

If no statement in function foo takes the address of any of foo's stack variables, then foo does not need StackGuard protection. A buffer overflow must write through an array, and an array is an aliased stack variable: its name is a pointer. If an attack seeks to alter a variable in a function above foo on the stack, it must come from a function below foo; but to reach that variable it would have to pass through the StackGuard protection that necessarily exists on the function below foo, because of the array being overflowed.

The information regarding whether any variable has been aliased is already available in gcc, so it should be a simple matter to turn StackGuard protection off for functions that do not need it. We are working on this optimization, and expect to have it available in a future release of StackGuard.
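The decision rule described above, as an added toy analysis (Python, not code from the StackGuard paper or from gcc): it scans one C function for locals that are arrays or have their address taken, and reports whether the function's canary can be omitted. It assumes simplified C (one declarator per declaration, no structs, typedefs or shadowing) and regex matching; the paper proposes using gcc's own aliasing information instead.

```python
import re

# Toy version of the StackGuard optimization: a function whose stack locals are
# never aliased (no local array, no &local) cannot be overflowed from within its
# own frame, so its canary can be omitted. Assumptions: single-function C text,
# one declarator per declaration, no structs/typedefs/shadowing (constructed).
DECL_RE = re.compile(
    r'^\s*(?:unsigned\s+|signed\s+|const\s+)*'
    r'(?:char|int|long|short|float|double)\b\s*\**\s*(\w+)\s*(\[[^\]]*\])?'
    r'\s*(?:=[^;]*)?;', re.M)
# A single '&' (not the '&&' operator) followed by an identifier.
ADDR_RE = re.compile(r'(?<!&)&(?!&)\s*(\w+)')


def function_body(func_src):
    """Text between the outermost braces of a single C function."""
    return func_src[func_src.index('{') + 1:func_src.rindex('}')]


def local_variables(func_src):
    """Map each local name to True if it is declared as an array."""
    body = function_body(func_src)
    return {m.group(1): m.group(2) is not None for m in DECL_RE.finditer(body)}


def aliased_locals(func_src):
    """Locals whose address escapes: arrays (pointer decay) or explicit &x."""
    locals_ = local_variables(func_src)
    taken = {name for name, is_array in locals_.items() if is_array}
    body = function_body(func_src)
    taken |= {m.group(1) for m in ADDR_RE.finditer(body) if m.group(1) in locals_}
    return taken


def needs_stackguard(func_src):
    """True when the frame must keep its canary; False when it can be dropped."""
    return bool(aliased_locals(func_src))


# Constructed samples: array local, scalar-only locals, and an &local.
COPY_NAME = """int copy_name(const char *src) {
    char buf[64];
    strcpy(buf, src);
    return buf[0];
}"""
ADD_CLAMP = """int add_clamp(int a, int b) {
    int sum = a + b;
    if (sum < 0 && a > 0) sum = 0;
    return sum;
}"""
READ_INT = """int read_int(void) {
    int n = 0;
    scanf("%d", &n);
    return n;
}"""
```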



Crispin Cowan
Tue Dec 9 16:04:30 PST 1997