StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks

This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge. We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries. We describe the compiler technique (a simple patch to gcc), as well as a set of variations on the technique that trade off between penetration resistance and performance. We present experimental results of both the penetration resistance and the performance impact of this technique.
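As an added example (not code from the paper, and not its gcc patch), the program below simulates in plain C the mechanism StackGuard is built on: a canary word placed between a function's local buffer and its saved return address, written in the prologue and verified in the epilogue, so that an overflow which would reach the return address is caught before the function returns. The frame layout, canary value, return-address value and inputs are all constructed for illustration, and the frame is modelled as one object so the overflow is deterministic rather than undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Frame modelled as one object: the canary sits between the local buffer and
 * the saved return address, so an overflow running off buf hits it first. */
struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;    /* set by the prologue, verified by the epilogue */
    uint32_t ret_addr;  /* the word an overflow of buf would reach next */
};

/* Constructed stand-ins. A real canary must be unpredictable to the attacker
 * and the return address comes from the call site, not a constant. */
static const uint32_t CANARY_VALUE = 0x5A3C9E71u;
static const uint32_t ORIGINAL_RET = 0x08048ABCu;

struct outcome { bool overflow_detected; bool ret_addr_intact; };

/* strcpy-style copy whose length is not bounded by BUF_SIZE; clamped to the
 * frame only so the simulation itself stays well defined. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n)
{
    memcpy(f, src, n < sizeof *f ? n : sizeof *f);
}

/* Prologue (plant canary), vulnerable copy, epilogue (verify canary). Where
 * the epilogue finds damage, StackGuard halts instead of returning. */
struct outcome simulate(const unsigned char *input, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.ret_addr = ORIGINAL_RET;
    unchecked_copy(&f, input, n);
    struct outcome r = { f.canary != CANARY_VALUE, f.ret_addr == ORIGINAL_RET };
    return r;
}

int main(void)
{
    const unsigned char *longin = (const unsigned char *)"AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA";
    struct outcome a = simulate((const unsigned char *)"hello", 5), b = simulate(longin, 32);
    printf("short: detected=%d ret_intact=%d\n", a.overflow_detected, a.ret_addr_intact);
    printf("long:  detected=%d ret_intact=%d\n", b.overflow_detected, b.ret_addr_intact);
    return 0;
}
```

Because the canary lies on the path from the buffer to the return address, any contiguous overwrite that reaches the return address has already changed the canary, which is the invariant the epilogue check relies on.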
