SSPFA: effective stack smashing protection for Android OS

In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus creates a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that the current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices, showing that it is not intrusive and that it is binary-compatible with Android applications. Extensive empirical validation of the proposed solution has been carried out.
