Sciweavers

Share
NDSS
2015
IEEE

StackArmor: Comprehensive Protection From Stack-based Memory Error Vulnerabilities for Binaries

4 years 9 months ago
StackArmor: Comprehensive Protection From Stack-based Memory Error Vulnerabilities for Binaries
Abstract—StackArmor is a comprehensive protection technique for stack-based memory error vulnerabilities in binaries. It relies on binary analysis and rewriting strategies to drastically reduce the uniquely high spatial and temporal memory predictability of traditional call stack organizations. Unlike prior solutions, StackArmor can protect against arbitrary stack-based attacks, requires no access to the source code, and offers a policy-driven protection strategy that allows end users to tune the securityperformance tradeoff according to their needs. We present an implementation of StackArmor for x86 64 Linux and provide a detailed experimental analysis of our prototype on popular server programs and standard benchmarks (SPEC CPU2006). Our results demonstrate that StackArmor offers better security than prior binary- and source-level approaches, at the cost of only modest performance and memory overhead even with full protection.
Xi Chen, Asia Slowinska, Dennis Andriesse, Herbert
Added 15 Apr 2016
Updated 15 Apr 2016
Type Journal
Year 2015
Where NDSS
Authors Xi Chen, Asia Slowinska, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida
Comments (0)
books