Extended protection against stack smashing attacks without performance loss

Yves Younan
Katholieke Universiteit Leuven
Belgium

Davide Pozza
Politecnico di Torino
Italy

Frank Piessens
Katholieke Universiteit Leuven
Belgium

Wouter Joosen
Katholieke Universiteit Leuven
Belgium

In this paper we present an efficient countermeasure against stack
smashing attacks. Our countermeasure does not rely on secret values
(such as canaries) and protects against attacks that are not addressed
by state-of-the-art countermeasures. Our technique splits the standard
stack into multiple stacks. The allocation of data types to one of the
stacks is based on the likelihood that a specific data element is a
target of attacks, an attack vector, or both. We have implemented our
solution in a C compiler for Linux. The evaluation shows that the
overhead of using our countermeasure is negligible.

Keywords: protection, code injection attacks, stack smashing, buffer overflows
