USENIX Technical Program - Abstract - USENIX Annual
Conference, General Session - June 2000
Transparent Run-Time Defense Against Stack-Smashing Attacks
Arash Baratloo and Navjot Singh, Bell Labs Research, Lucent
Technologies; Timothy Tsai, Reliable Software Technologies
Abstract
The exploitation of buffer overflow vulnerabilities in process stacks
constitutes a significant portion of security attacks. We present two
new methods to detect and handle such attacks. In contrast to previous
work, the new methods work with any existing pre-compiled executable and
can be used transparently per-process as well as on a system-wide basis.
The first method intercepts all calls to library functions known to be
vulnerable. A substitute version of the corresponding function
implements the original functionality, but in a manner that ensures that
any buffer overflows are contained within the current stack frame. The
second method uses binary modification of the process memory to force
verification of critical elements of stacks before use. We have
implemented both methods on Linux as dynamically loadable libraries and
shown that both libraries detect several known attacks. The performance
overhead of these libraries ranges from negligible to 15%.
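
The containment idea behind the first method, as an added example that is not the authors' library code: a strcpy substitute refuses any copy that would reach past the destination's stack frame. It assumes the frame boundary is the saved frame pointer found by walking the frame-pointer chain (the abstract does not say how the boundary is located), and it models the stack as a constructed array of structs; the names model_frame, frame_room and contained_strcpy are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: a local buffer below the saved
 * frame pointer and return address, so an overflow of buf runs upward
 * into them. */
struct model_frame {
    char  buf[16];
    void *saved_fp;  /* address of the caller's saved_fp slot, or NULL */
    void *ret_addr;
};

/* Walk the saved-frame-pointer chain from fp and return how many bytes
 * can be written at dest before reaching the saved frame pointer of the
 * frame holding dest; 0 if no frame pointer in the chain lies above it. */
size_t frame_room(const void *dest, void *const *fp)
{
    uintptr_t d = (uintptr_t)dest;
    for (; fp != NULL; fp = (void *const *)*fp)
        if ((uintptr_t)fp > d)
            return (uintptr_t)fp - d;
    return 0;
}

/* strcpy substitute: copy only when the string and its terminator fit
 * inside the frame. Returns 0 on success, -1 when the copy is refused
 * (this model also refuses destinations it cannot bound). */
int contained_strcpy(char *dest, const char *src, void *const *fp)
{
    size_t room = frame_room(dest, fp);
    size_t need = strlen(src) + 1;
    if (need > room)
        return -1;
    memcpy(dest, src, need);
    return 0;
}

int main(void)
{
    struct model_frame stack[2] = {{{0}}};          /* [0] callee, [1] caller */
    stack[0].saved_fp = &stack[1].saved_fp;
    void *const *fp = (void *const *)&stack[0].saved_fp;
    printf("short: %d\n", contained_strcpy(stack[1].buf, "fits", fp));
    printf("long:  %d\n", contained_strcpy(stack[1].buf,
                          "AAAAAAAAAAAAAAAAAAAAAAAA", fp));
    return 0;
}
```

The check bounds the write to the frame, not to the buffer itself, so an overflow can still overwrite neighbouring locals in the same frame while the saved frame pointer and return address stay intact.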