论文信息 - Install-time Vaccination of Windows Executables to Defend Against Stack Smashing Attacks

Install-time Vaccination of Windows Executables to Defend Against Stack Smashing Attacks

Stack smashing is still one of the most popular techniques for corputer system attack. In this paper we present an anti-stack-smashing defense technique for Microsoft Windows systems. Our approach works at install-time, and does not rely on having access to the source-code: The user decides when and which executables to vaccinate. Our technique consists of instrumenting a given executable with a mechanism to detect stack smashing attacks. We developed a prototype implementing our technique and verified that it successfully defends against actual exploit code. We then extended our prototype to vaccinate DLLs, multithreaded applications, and DLLs used by multi-threaded applications, which present significant additional complications. We present promising performance results measured on SPEC2000 benchmarks: Vaccinated executables were no more than 8% slower than their un-vaccinated originals.

Avishai Wool | Danny Nebenzahl

[1] David LeBlanc,et al. Writing Secure Code , 2001 .

[2] John Johansen,et al. PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[3] Saumya K. Debray,et al. Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[4] Navjot Singh,et al. Transparent Run-Time Defense Against Stack-Smashing Attacks , 2000, USENIX Annual Technical Conference, General Track.

[5] Galen C. Hunt,et al. Detours: binary interception of Win32 functions , 1999 .

[6] Gerardo Richarte. Four dierent tricks to bypass StackShield and StackGuard protection , 2002, WWW 2002.

[7] David H. Ackley,et al. Randomized instruction set emulation to disrupt binary code injection attacks , 2003, CCS '03.

[8] David Evans,et al. Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[9] Cristina Cifuentes,et al. Recovery of jump table case statements from binary code , 2001, Sci. Comput. Program..

[10] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[11] Michael Rodeh,et al. Cleanness Checking of String Manipulations in C Programs via Integer Analysis , 2001, SAS.