StackOFFence

A technique for defending against buffer overflow attacks

Bharat B. Madan, Shashi Phoha, Kishor S. Trivedi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Software coding practices, in the interest of efficiency, often neglect to enforce strict bounds checking on buffers, arrays and pointers. This results in software code that is more vulnerable to security intrusions exploiting buffer overflow vulnerabilities. Unfortunately, such attacks form the most common type of security threats to the computer and information systems, making it imperative to find efficient solutions for the buffer overflow vulnerabilities. Typically, an attacker is able to effect a successful intrusion by causing buffer overflow in the stack frame of a function call, thereby causing the valid return address to get overwritten by a malicious value. This allows the attacker to redirect the return from a function call to a malicious piece of code introduced by the attacker. Depending on the nature of the malicious code, the attacker is able to compromise availability, integrity, or confidentiality of a system. Researchers have suggested transforming the return address or even using an entirely separate stack for managing the return addresses. This paper describes a simple technique that ensures the integrity of the return address by pushing on the stack two copies of the return address, a transformed (or encrypted) return address value along with the original one. Before popping the return address, the two return address values are compared to detect any malicious activity, thus preventing the exploitation of the stack-based buffer overflow vulnerabilities. The proposed modification may be implemented at the CPU architecture level or by simple modification to the compiler's prologue and epilogue code.
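The check the abstract describes can be modelled in a few lines of C. This is an added example, not code from the paper: it simulates one stack frame as an array and runs the prologue store and epilogue comparison around an unchecked copy. The XOR transform, the key value, the frame layout and every function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of one stack frame as an array of words, low to high
   address: local buffer, transformed return address, original return address. */
enum { BUF_WORDS = 4, SLOT_XFORM = BUF_WORDS, SLOT_RET = BUF_WORDS + 1, FRAME_WORDS };

/* Assumption: the transform is XOR with a secret word. A real build would
   pick this at random per process; it is fixed here so the run is repeatable.
   The check is only as strong as the secrecy of this value. */
static const uintptr_t frame_key = (uintptr_t)0x9E3779B9u;

static uintptr_t transform(uintptr_t ra) { return ra ^ frame_key; }

/* Prologue: store the return address and its transformed copy. */
void prologue(uintptr_t frame[FRAME_WORDS], uintptr_t ra) {
    frame[SLOT_RET] = ra;
    frame[SLOT_XFORM] = transform(ra);
}

/* Copy with no check against BUF_WORDS, standing in for the missing bounds
   check. The only limit is the model's frame size, so no real memory
   outside the array is touched. */
void unchecked_copy(uintptr_t frame[FRAME_WORDS], const uintptr_t *src, size_t n) {
    for (size_t i = 0; i < n && i < FRAME_WORDS; i++)
        frame[i] = src[i];
}

/* Epilogue: 1 if the two copies still agree (return may proceed),
   0 if they differ (overwrite detected, abort instead of returning). */
int epilogue_ok(const uintptr_t frame[FRAME_WORDS]) {
    return transform(frame[SLOT_RET]) == frame[SLOT_XFORM];
}

/* One simulated call: prologue, copy n words of input, epilogue check. */
int call_with_input(uintptr_t ra, const uintptr_t *src, size_t n) {
    uintptr_t frame[FRAME_WORDS] = {0};
    prologue(frame, ra);
    unchecked_copy(frame, src, n);
    return epilogue_ok(frame);
}

int main(void) {
    const uintptr_t fill[FRAME_WORDS] = {0x41, 0x41, 0x41, 0x41, 0x41, 0x41};
    int in_bounds = call_with_input(0x401000, fill, BUF_WORDS);   /* fits */
    int overflow  = call_with_input(0x401000, fill, FRAME_WORDS); /* overruns */
    return (in_bounds == 1 && overflow == 0) ? 0 : 1;
}
```

Because the transformed copy sits between the buffer and the return address in this layout, a linear overrun changes it before reaching the return address, so even a one-word overrun fails the comparison.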

Original language: English (US)
Title of host publication: Proceedings ITCC 2005 - International Conference on Information Technology
Subtitle of host publication: Coding and Computing
Editors: H. Selvaraj, P.K. Srimani
Pages: 656-661
Number of pages: 6
State: Published - Sep 21 2005
Event: ITCC 2005 - International Conference on Information Technology: Coding and Computing - Las Vegas, NV, United States
Duration: Apr 4 2005 to Apr 6 2005

Publication series

Name: International Conference on Information Technology: Coding and Computing, ITCC
Volume: 1

Other

Other: ITCC 2005 - International Conference on Information Technology: Coding and Computing
Country: United States
City: Las Vegas, NV
Period: 4/4/05 to 4/6/05

Fingerprint

Program processors
Information systems
Computer systems
Availability

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Cite this

Madan, B. B., Phoha, S., & Trivedi, K. S. (2005). StackOFFence: A technique for defending against buffer overflow attacks. In H. Selvaraj, & P. K. Srimani (Eds.), Proceedings ITCC 2005 - International Conference on Information Technology: Coding and Computing (pp. 656-661). (International Conference on Information Technology: Coding and Computing, ITCC; Vol. 1).
@inproceedings{d7d892616490460ba075355d366d7a89,
title = "StackOFFence: A technique for defending against buffer overflow attacks",
author = "Madan, {Bharat B.} and Shashi Phoha and Trivedi, {Kishor S.}",
year = "2005",
month = "9",
day = "21",
language = "English (US)",
isbn = "0769523153",
series = "International Conference on Information Technology: Coding and Computing, ITCC",
pages = "656--661",
editor = "H. Selvaraj and P.K. Srimani",
booktitle = "Proceedings ITCC 2005 - International Conference on Information Technology",

}

TY - GEN

T1 - StackOFFence

T2 - A technique for defending against buffer overflow attacks

AU - Madan, Bharat B.

AU - Phoha, Shashi

AU - Trivedi, Kishor S.

PY - 2005/9/21

Y1 - 2005/9/21

UR - http://www.scopus.com/inward/record.url?scp=24744469440&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24744469440&partnerID=8YFLogxK

M3 - Conference contribution

SN - 0769523153

SN - 9780769523156

T3 - International Conference on Information Technology: Coding and Computing, ITCC

SP - 656

EP - 661

BT - Proceedings ITCC 2005 - International Conference on Information Technology

A2 - Selvaraj, H.

A2 - Srimani, P.K.

ER -
