ABSTRACT
Stack smashing by buffer overflow is a common tactic used by viruses and worms to crash or hijack systems. By exploiting a bounds-unchecked copy into a stack buffer, an attacker can, by supplying a specially crafted and unexpectedly long input, overwrite a stored return address and trigger the execution of code of her choosing. In this paper, we propose to protect code from this common form of attack using dynamic instruction stream editing (DISE), a previously proposed hardware mechanism that implements binary rewriting in a transparent, efficient, and convenient way by rewriting the dynamic instruction stream rather than the static executable. Concretely, we define productions (rewriting rules) that instrument program calls and returns to maintain and verify a "shadow" stack of return addresses in a protected region of memory. When an invalid return address is detected, the application is terminated. The DISE implementation resembles previous software schemes such as StackGuard and the Return Address Defender (RAD), but it can operate without source code and within dynamically linked libraries and dynamically generated code. It also has natural facilities for protecting the shadow stack, which provides little security if it is itself vulnerable. Finally, unlike software instrumentation, DISE checks, which are inserted by the processor at run time, cannot be bypassed or subverted.
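The C program below is an added illustration, not code from the paper or its DISE implementation. It emulates in software what the two productions described above do in hardware: a push of the return address onto a shadow stack at every call, and a pop-and-compare at every return. The "program stack" is a simulated frame struct whose buffer sits directly below the saved return address, the shadow stack is an ordinary static array (unlike the paper's protected region), and the addresses 0x401234 and 0xdeadbeef are constructed placeholders. The attacker input is built inline so the program runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame of a vulnerable function: a fixed-size buffer lies
 * directly below the saved return address, as on a real x86 stack. */
struct frame {
    char buf[16];
    uintptr_t saved_ret;
};

/* Shadow stack of return addresses. The paper keeps this in a protected
 * region of memory; here it is a plain static array (simplification). */
#define SHADOW_DEPTH 64
static uintptr_t shadow[SHADOW_DEPTH];
static size_t shadow_top;

void shadow_reset(void) { shadow_top = 0; }

/* Production applied to every call instruction: push the return address.
 * Returns 0 on success, -1 if the shadow stack is full. */
int shadow_on_call(uintptr_t ret)
{
    if (shadow_top >= SHADOW_DEPTH)
        return -1;
    shadow[shadow_top++] = ret;
    return 0;
}

/* Production applied to every return instruction: pop the expected address
 * and compare it with the one read from the program stack. Returns 1 if the
 * return is valid, 0 if it must be treated as an attack. */
int shadow_on_return(uintptr_t ret_from_stack)
{
    if (shadow_top == 0)
        return 0;                       /* return without a matching call */
    return shadow[--shadow_top] == ret_from_stack;
}

/* The vulnerable function with both productions applied. The copy is clamped
 * to the whole frame only so the simulation stays inside one C object; the
 * bug being modelled is that len is never checked against sizeof f.buf. */
int vulnerable_with_checks(const unsigned char *input, size_t len,
                           uintptr_t legit_ret)
{
    struct frame f;
    f.saved_ret = legit_ret;            /* what 'call' pushed on the real stack */
    if (shadow_on_call(legit_ret) != 0)
        return 0;
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);             /* bounds-unchecked copy into f.buf */
    return shadow_on_return(f.saved_ret);
}

/* Constructed attacker input: fill buf, then overwrite saved_ret with target. */
size_t build_attack_input(unsigned char *out, uintptr_t target)
{
    size_t off = offsetof(struct frame, saved_ret);
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

/* Well-behaved caller: short input, return address left intact. Returns 1. */
int run_benign(void)
{
    static const unsigned char hello[] = "hello";   /* constructed input */
    shadow_reset();
    return vulnerable_with_checks(hello, sizeof hello, (uintptr_t)0x401234u);
}

/* Overflowing caller: saved_ret replaced by 0xdeadbeef, so the shadow-stack
 * comparison fails. Returns 0. */
int run_attack(void)
{
    unsigned char evil[sizeof(struct frame)];
    size_t n = build_attack_input(evil, (uintptr_t)0xdeadbeefu);
    shadow_reset();
    return vulnerable_with_checks(evil, n, (uintptr_t)0x401234u);
}

int main(void)
{
    printf("benign input:   %s\n",
           run_benign() ? "return address verified" : "ATTACK DETECTED");
    printf("overflow input: %s\n",
           run_attack() ? "return address verified" : "ATTACK DETECTED");
    return 0;
}
```

Two caveats a practitioner would check before deploying this logic: the shadow array above is writable by the same code it guards, so a second overflow (or an arbitrary-write primitive) could keep it consistent with a corrupted return address, which is exactly why the paper insists the shadow region be protected; and control transfers that do not pair a call with a return (setjmp/longjmp, exception unwinding, tail calls) will pop the wrong entry and need explicit handling rather than termination.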
REFERENCES
Note: OCR errors may be found in this reference list, which was extracted from the full-text article. ACM has opted to expose the complete list rather than only correct and linked references.

1. Aleph One. Smashing the stack for fun and profit. Phrack, 7(49), Nov. 1996.
2. A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashing attacks. In Proc. of the USENIX Annual Technical Conference, Jun. 2000.
3. D. Burger and T. M. Austin. The SimpleScalar tool set, version 2.0. Technical Report 1342, University of Wisconsin-Madison Computer Sciences Department, 1997.
4. (entry not recovered from the page)
5. M. L. Corliss, E. C. Lewis, and A. Roth. DISE: Dynamic instruction stream editing. Technical Report MS-CIS-02-24, University of Pennsylvania, Jul. 2002.
6. (entry not recovered from the page)
7. M. L. Corliss, E. C. Lewis, and A. Roth. A DISE implementation of dynamic code decompression. In Proc. of the ACM SIGPLAN Conference on Language, Compiler, and Tool for Embedded Systems (LCTES), Jun. 2003.
8. M. L. Corliss, E. C. Lewis, and A. Roth. Low-overhead debugging via flexible dynamic instrumentation. Technical Report MS-CIS-04-06, University of Pennsylvania, Mar. 2004.
9. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. of the 7th USENIX Security Symposium, pages 63--78, Jan. 1998.
10. K. Diefendorff. K7 challenges Intel. Microprocessor Report, 12(14), Nov. 1998.
11. M. Frantzen and M. Shuey. StackGhost: Hardware facilitated stack protection. In Proc. of the 10th USENIX Security Symposium, pages 55--66, Aug. 2001.
12. P. Glaskowsky. Pentium 4 (partially) previewed. Microprocessor Report, 14(8), Aug. 2000.
13. M. R. Guthaus, J. S. Ringenberg, D. Ernst, T. M. Austin, T. Mudge, and R. B. Brown. MiBench: A free, commercially representative embedded benchmark suite. In Proc. of the 4th Annual IEEE Workshop on Workload Characterization, Dec. 2001.
14. R. Jones and P. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In Proc. of the Int. Workshop on Automatic Debugging, pages 13--26, May 1997.
15. (entry not recovered from the page)
16. O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proc. of the 11th Network and Distributed System Security Symposium (NDSS), Feb. 2004.
17. Solar Designer. Linux kernel patch from the Openwall project. http://www.openwall.com/linux/, 2004.
18. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient software-based fault isolation. In Proc. of the 14th ACM Symposium on Operating Systems Principles, pages 203--216, Dec. 1993.
19. T. Wolf and M. Franklin. CommBench -- a telecommunications benchmark for network processors. In Proc. of the IEEE Int. Symp. on Performance Analysis of Systems and Software, Apr. 2000.