Preventing Stack Overflow Using Alternative Stack Approaches

  • Authors

    • Khairol Amin Mohd Salleh
    • Abdul Rahim Ahmad
    • Roslan Ismail
    2018-11-30
    https://doi.org/10.14419/ijet.v7i4.35.22739
  • Buffer overflow, stack overflow, alternative stack, software security

  • Buffer overflow marks a phenomenon of a malicious technique employed by attackers, as reported in the NIST statistics. This paper presents a method of implementing a dual stack approach using software to protect the data stack from experiencing the attack by using 3 types of architecture, ranging from parallel program, multi-threading to a simple sequential subroutine.  The current research on dual stack may require new hardware or a modified version of compiler which may complicate the implementation. These implementations spark some major issues in code backward compatibility with some changes in the language semantics especially in handling the movement of data to and from the dual stack. This paper discusses the implementation of Alternative Stack prototypes in 3 types of architecture and observation on its behavior during the performance and security test. The test has been benchmarked against the programs that are compiled with Microsoft Security Cookie. The Alternative Stack Architecture 3 prototype displayed a significant performance against the benchmarked programs whilst maintaining the confidentiality, integrity and availability of the programs.

  • References

    1. [1] Aurélien Francillon, Daniele Perito and Claude Castelluccia. Defending embedded systems against control flow attacks. In Proceedings of the first ACM workshop on Secure execution of untrusted code, 2009 (SecuCode '09) p 19-26.

      [2] Crispin Cowan, Perry Wagle, Calton Pu,Steve Beattie, and Jonathan Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. DARPA Information Survivability Conference and Exposition (DISCEX '00)., 2000. Vol. 2. p.119 - 129.

      [3] Eugen Leontie, Gedare Bloom, Olga Gelbart, Bhagirath Narahari and Rahul Simha. A Compiler-Hardware Technique for Protecting Against Buffer Overflow Attacks, 2009. URL:https://www.seas.gwu.edu/~simha/research/HWStack.pdf,
      07-12-2016.

      [4] Gerardo Richarte. Four different tricks to bypass StackShield and StackGuard protection, 2002. URL: https://www.cs.purdue.edu/homes/xyzhang/fall07/Papers/ defeat-stackguard.pdf, 26-09-2017.

      [5] Hiroaki Etoh. GCC extension for protecting applications from stacksmashing attacks. URL : https://www.researchgate.net/ publicaton/243483996_Gcc_extension_for_protecting_applications _from_stack-smashing_attacks

      [6] INTEL. Control-Flow Enforcement Technology Preview, 2016, Jun 2017. Rev 2.0. URL : https://software.intel.com/sites/default/ files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf, 22-08-2017.

      [7] Jun Xu, Zbigniew Kalbarczyk, Sanjay Patel and Ravishankar K. Iyer. Architecture Support for Defending Against Buffer Overflow Attacks, 2002. URL : https://www.ideals.illinois.edu/bitstream/ handle/2142/74493/B53-CRHC_02_05.pdf?sequence=2,22-08-2016.

      [8] K. Piromsopa and R.J. Enbody. Secure Bit: Transparent, Hardware Buffer-Overflow Protection. In IEEE Transactions on Dependable and Secure Computing, Vol 3(4), 2006. pp.365-376.

      [9] Marc L. Corliss, E. Christopher Lewis and Amir Roth . Using DISE to protect return addresses from attack. IN: ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA) Homepage archive, Vol 33(1), March, 2005.pp 65 – 72.

      [10] Saravanan Sinnadurai, Qin Zhao and Weng-Fai Wong. Transparent Runtime Shadow Stack: Protection against malicious return address modifications, 2008;

      [11] Thurston H.Y. Dang, Petros Maniatis and David Wagner. The Performance Cost of Shadow Stacks and Stack Canaries. IN : ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, 2015. p- 555-566 .

      [12] Tilo Muller and Christopher Kugler. SCADS: Separated Control- and Data-Stack. IN: 10th International Conference on Security and Privacy in Communication Networks September 24-26, 2014.

      [13] Tzi-cker Chiueh and Fu-Hau Hsu. RAD: A Compile-Time Solution to Buffer Overflow

      [14] Attacks. In Proceedings of the 21st International Conference on Distributed Computing

      [15] Systems (ICDCS ’01), Mesa, AZ, April 2001. SUNY Stony Brook.

      [16] Vendicator, "StackShield: A stack smashing technique protection tool for Linux," Jan. 08, 2000.

      [17] Yongdong Wu. Enhancing Security Check in Visual Studio C/C++ Compiler. In WRI World Congress on Software Engineering, 2009, Volume: 4. (IEEE publication), p 109-113.

  • Downloads

  • How to Cite

    Salleh, K. A. M., Ahmad, A. R., & Ismail, R. (2018). Preventing Stack Overflow Using Alternative Stack Approaches. International Journal of Engineering & Technology, 7(4.35), 239-243. https://doi.org/10.14419/ijet.v7i4.35.22739