Reverse Stack Execution in a MultiVariant Execution Environment

Multi-variant execution allows detecting exploited vulnerabilities before they can cause any damage to systems. In this execution method, two or more slightly different variants of the same application are executed simultaneously on top of a monitoring layer. Throughout execution, the monitoring layer checks whether the instances remain in complying states. Any discrepancy raises an alarm and results in termination of the non-complying instances. We present a technique to generate program variants whose stack grows in the reverse direction, opposite to the native stack growth direction of the platform. Such program variants, when executed along with a normal instance in a multi-variant environment, allow us to detect stack-based buffer overflow attacks. The technique is implemented by modifying GCC to generate executables that write their stacks in the opposite direction. In addition, we briefly present the technique used to build our multi-variant execution environment. Our evaluation shows that our prototype system can interdict the execution of malicious code in popular applications such as the Apache web server, trading off a small performance penalty for a high degree of security.
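The detection idea in the abstract can be seen in a small simulation, added here as an illustration and not taken from the paper or its GCC patch. The stack is modelled as a byte array, the unchecked copy is done inline (no callee frame), and all offsets, sizes and the return address are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 64
#define BUF_LEN    8
#define RET_LEN    4
#define LEGIT_RET  0x08041234u   /* constructed return address */
enum direction { GROWS_DOWN, GROWS_UP };

/* Simulate one variant: lay out a frame (return slot + local buffer),
 * copy `len` input bytes into the buffer with no length check (the bug),
 * and report the return address the function would then use. */
static uint32_t run_variant(enum direction dir, const uint8_t *in, size_t len)
{
    uint8_t stack[STACK_SIZE] = {0};
    size_t ret_off, buf_off;
    uint32_t ret = LEGIT_RET;
    if (dir == GROWS_DOWN) {          /* native: return slot pushed first, at the higher address */
        ret_off = 40;
        buf_off = ret_off - BUF_LEN;  /* locals sit just below the return slot */
    } else {                          /* reversed: return slot pushed first, at the lower address */
        ret_off = 20;
        buf_off = ret_off + RET_LEN;  /* locals sit just above the return slot */
    }
    memcpy(stack + ret_off, &ret, RET_LEN);

    /* Buffer writes ascend in memory whichever way the stack grows. */
    if (len > STACK_SIZE - buf_off) len = STACK_SIZE - buf_off; /* keep the model in bounds */
    memcpy(stack + buf_off, in, len);
    memcpy(&ret, stack + ret_off, RET_LEN);
    return ret;
}

/* Monitor: feed identical input to both variants; 1 means divergence (alarm). */
static int monitor_detects(const uint8_t *in, size_t len)
{
    return run_variant(GROWS_DOWN, in, len) != run_variant(GROWS_UP, in, len);
}

int main(void)
{
    uint8_t benign[BUF_LEN] = "hello";          /* constructed input that fits the buffer */
    uint8_t oversized[BUF_LEN + RET_LEN];       /* constructed input that overruns it */
    memset(oversized, 0x41, sizeof oversized);
    printf("benign:    alarm=%d\n", monitor_detects(benign, sizeof benign));
    printf("oversized: alarm=%d\n", monitor_detects(oversized, sizeof oversized));
    return 0;
}
```

With the oversized input only the downward-growing variant sees its return slot change, so the two variants disagree and the monitor raises the alarm; with the benign input both agree.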
