Stack Memory Buffer Overflow Protection based on Duplication and Randomization

Sahel Alouneh, Mazen Kharbutli, Rana AlQurem
2013 Procedia Computer Science  
With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing at an alarming rate. Vulnerabilities in the program's stack are commonly exploited by attackers in the form of stack-based attacks. In this paper, a software-based solution for stack-based vulnerabilities and attacks is proposed and implemented. The proposed solution involves creating a new patch tool that fixes a wide range of stack-related vulnerabilities in the existing applications. The basic idea of our approach is to implement a patch tool that makes multiple copies of the return addresses in the stack, and then randomizes the location of all copies in addition to their number. All duplicate copies are updated and checked in parallel such that any mismatch between any of these copies would indicate a possible attack attempt and would trigger an exception. The results of our implementation show high protection against integer overflow and buffer overflow attacks.
doi:10.1016/j.procs.2013.09.033 fatcat:dlzd66pf7necdc6rixt6bz4bhq
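The duplicate-and-compare idea from the abstract, modeled in user-space C as an added example; it is not the authors' patch tool or code from the paper. The `guarded_frame` layout, `SLOTS`, `MAX_COPIES` and both function names are assumptions made for illustration, and the addresses are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOTS 16      /* size of the simulated duplicate region (assumption) */
#define MAX_COPIES 4  /* upper bound on the number of duplicates (assumption) */

typedef struct {
    uintptr_t ret;            /* the saved return address an overflow targets */
    uintptr_t shadow[SLOTS];  /* region that holds the duplicates */
    int idx[MAX_COPIES];      /* randomized slot of each duplicate */
    int ncopies;              /* randomized number of duplicates (2..MAX_COPIES) */
} guarded_frame;

/* Prologue: save the return address and write 2..MAX_COPIES duplicates
 * into distinct, randomly chosen slots. rand() keeps the model short;
 * a real tool needs an unpredictable source and protected slot metadata. */
void frame_enter(guarded_frame *f, uintptr_t ret) {
    f->ret = ret;
    f->ncopies = 2 + rand() % (MAX_COPIES - 1);
    for (int i = 0; i < SLOTS; i++) f->shadow[i] = 0;
    for (int i = 0; i < f->ncopies; i++) {
        int s, clash;
        do {                              /* redraw until the slot is unused */
            s = rand() % SLOTS;
            clash = 0;
            for (int j = 0; j < i; j++) if (f->idx[j] == s) clash = 1;
        } while (clash);
        f->idx[i] = s;
        f->shadow[s] = ret;
    }
}

/* Epilogue: 0 if every duplicate matches the saved address, -1 on mismatch
 * (the point where the described scheme would raise an exception). */
int frame_check(const guarded_frame *f) {
    for (int i = 0; i < f->ncopies; i++)
        if (f->shadow[f->idx[i]] != f->ret) return -1;
    return 0;
}

int main(void) {
    guarded_frame f;
    frame_enter(&f, 0x1000);                    /* constructed address */
    printf("clean frame: %d\n", frame_check(&f));
    f.ret = 0x2000;                             /* simulated corruption */
    printf("tampered frame: %d\n", frame_check(&f));
    return 0;
}
```

Because at least two duplicates sit at distinct slots, changing the saved address together with any single slot still leaves one copy that disagrees, so the check fails.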