Stack smashing attack detection methodology for secure program execution based on hardware

The need to include security mechanisms in electronic devices has grown dramatically with the widespread use of such devices in daily life. With increasing interconnectivity among devices, attackers can now launch attacks remotely. Such attacks arrive as data over a regular communication channel and, once resident in program memory, trigger a pre-existing software flaw and transfer control to the attacker’s malicious code. Software vulnerabilities have been the main cause of computer security incidents; among these, buffer overflows are perhaps the most widely exploited type of vulnerability, accounting for approximately half of the Computer Emergency Readiness Team (CERT) advisories in recent years. In this scenario, the methodology proposed in this work presents a new hardware-based approach to detect stack smashing buffer overflow attacks and to recover the system after an attack is detected. Compared to existing approaches, the proposed technique requires neither recompilation of the application code nor any software layer (e.g., an Operating System, OS) to manage memory usage. By monitoring internal signals of the processor pipeline, the approach detects when the return address of a function call has been corrupted. At that moment, a rollback-based recovery procedure is triggered, which drives the system into a safe state previously stored in a protected memory area. The approach was validated by implementing a C program that forces a buffer overflow condition, which is promptly recognized by the proposed mechanism; from that point on, the system is properly recovered. To evaluate the system under more realistic conditions, test programs were built from pieces of known vulnerable C code. These vulnerable code fragments were obtained from vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) list, adapted, and included in the test programs. The proposed system was then evaluated while running these programs, by observing its capability to (1) detect an invalid return address and (2) safely recover the system from the faulty condition. Finally, the execution time and area overheads were determined. According to preliminary implementations and results, this approach guarantees 100% attack detection with negligible detection latency, recognizing an overwritten return address within a few processor clock cycles.
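The detect-and-rollback cycle described in the abstract, modelled in software as an added illustration (this is not the paper's hardware design or its test programs): a tiny stack machine keeps a protected copy of every pushed return address in a region the simulated program cannot write, compares it with the architectural stack slot on every return, and on a mismatch restores the last checkpoint instead of jumping to the corrupted address. The instruction set, the memory layout, the `execute` helper and the constructed five-word input that runs one word past a four-word stack buffer are all assumptions made for the example.

```python
"""Software model of return-address monitoring with rollback recovery.

Added illustration, not the paper's hardware: the machine, its instruction
set, the memory layout and the sample inputs are all constructed here.
"""
from dataclasses import dataclass, field
import copy


class ReturnAddressCorrupted(Exception):
    """Raised by the monitor when a return would use an overwritten address."""


@dataclass
class Machine:
    mem: list                                      # simulated data memory (words)
    sp: int                                        # stack pointer, grows downward
    pc: int = 0                                    # index into the program
    cycle: int = 0                                 # instructions executed so far
    shadow: list = field(default_factory=list)     # protected return-address copies
    checkpoint: dict = None                        # last known-safe state
    detections: list = field(default_factory=list) # (cycle, message) records

    def save_checkpoint(self):
        # The safe state is kept outside the program's writable memory.
        self.checkpoint = {"mem": copy.copy(self.mem), "sp": self.sp,
                           "pc": self.pc, "shadow": copy.copy(self.shadow)}

    def rollback(self):
        st = self.checkpoint
        self.mem, self.sp, self.pc = copy.copy(st["mem"]), st["sp"], st["pc"]
        self.shadow = copy.copy(st["shadow"])

    def call(self, target):
        ret = self.pc + 1
        self.sp -= 1
        self.mem[self.sp] = ret           # architectural stack slot
        self.shadow.append(ret)           # monitor's protected copy
        self.pc = target

    def ret(self):
        expected = self.shadow.pop()
        actual = self.mem[self.sp]
        slot = self.sp
        self.sp += 1
        if actual != expected:
            raise ReturnAddressCorrupted(
                f"return slot mem[{slot}]: expected {expected}, found {actual}")
        self.pc = actual


# Constructed program: main checkpoints, then calls a function that copies its
# input into a 4-word stack buffer without a bounds check.
PROGRAM = [
    ("checkpoint",),   # 0: safe state saved before the risky call
    ("call", 3),       # 1: return address pushed is 2
    ("halt",),         # 2
    ("alloc", 4),      # 3: callee reserves a 4-word buffer at mem[sp..sp+3]
    ("copy",),         # 4: unchecked copy of the input into that buffer
    ("free", 4),       # 5
    ("ret",),          # 6: monitor compares mem[sp] with the shadow copy here
]


def execute(inp, program=PROGRAM, mem_words=16, max_cycles=100):
    """Run the program on input `inp`; return (status, machine)."""
    m = Machine(mem=[0] * mem_words, sp=mem_words)
    while m.pc < len(program) and m.cycle < max_cycles:
        op = program[m.pc]
        m.cycle += 1
        if op[0] == "checkpoint":
            m.save_checkpoint(); m.pc += 1
        elif op[0] == "call":
            m.call(op[1])
        elif op[0] == "alloc":
            m.sp -= op[1]; m.pc += 1
        elif op[0] == "copy":
            for i, word in enumerate(inp):        # no length check: overruns the frame
                m.mem[m.sp + i] = word
            m.pc += 1
        elif op[0] == "free":
            m.sp += op[1]; m.pc += 1
        elif op[0] == "ret":
            try:
                m.ret()
            except ReturnAddressCorrupted as err:
                m.detections.append((m.cycle, str(err)))
                m.rollback()                      # back to the stored safe state
                return "recovered", m
        elif op[0] == "halt":
            return "halted", m
    return "timeout", m


if __name__ == "__main__":
    print(execute([1, 2, 3, 4])[0])               # fits the buffer: halted
    status, m = execute([1, 2, 3, 4, 99])          # fifth word lands on the return slot
    print(status, m.detections)
```

The detection fires on the return instruction itself, so the corrupted address is never used as a jump target, and the recorded cycle number is the model's analogue of the detection latency the abstract reports. One caveat the model makes visible: a comparison-based monitor only notices a return slot whose value actually changed, so an overwrite that happens to restore the original address passes unnoticed, which is why the paper pairs detection with a rollback to a checkpoint rather than trying to repair the frame in place.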
