SafeStack $$^+$$ : Enhanced Dual Stack to Combat Data-Flow Hijacking

Lin, Yan; Tang, Xiaoxiao; Gao, Debin

doi:10.1007/978-3-319-59870-3_6

Cited by 1 publication

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The boundary detection method sets flags at the tail of the heap and the stack, and determines whether the overflow attack occurs by checking the flags. SafeStack(+) [14] can diagnose and patch stack-based buffer overflow vulnerabilities automatically. It locates data flow sensitive variables on the unsafe stack that could potentially affect evaluation of branching conditions, and adds canaries of random sizes and values to them to detect malicious overwriting.…”

Section: Boundary Detectionmentioning

confidence: 99%

DID: Data Isolation via Dynamic Adjustment of Permissions and Spaces

Li,

Qu,

Chung

2024

Preprint

View full text Add to dashboard Cite

Heap and stack are the main carriers for storing data in the operating system (OS), and their isolation is a key factor to ensure the data privacy and instruction orders. The existing isolation methods have the problem of coarse granularity. In addition, the completely open feature of the read and write permissions of the heap and stack has a serious impact on isolation. To solve these problems, this paper proposes an isolation method DID. This method refines the granularity of the isolated stack and heap. It establishes a framework to dynamically adjust the permissions and spaces of the target data. Based on this framework, DID builds four mechanisms: heap fence mechanism, heap owner mechanism, stack alternation mechanism, and stack jump mechanism. These mechanisms can be used to isolate the data on the heap or stack. Experiments and analysis show that DID has a good defense effect against various attacks based on data out-of-bounds access. And it only introduces 1.9% overhead to the CPU.

show abstract

Section: Boundary Detectionmentioning

confidence: 99%