Preventing brute force attacks against stack canary protection on networking servers

Hector Marco-Gisbert, Ismael Ripoll

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

The buffer overflow is still an important problem despite the various protection methods developed and widely used on most systems (Stack-Smashing Protector, ASLR and Non-eXecutable). Most of these techniques rely on keeping secret some key information needed by the attackers to build the exploit. Unfortunately, the architecture of most Web servers allows attackers to mount brute force attacks to obtain those secrets and eventually break into the server. We propose a modification of the stack-smashing protector (SSP) technique which eliminates brute force attacks against the canary. The technique is not intrusive, and can be applied by just pre-loading a shared library. The overhead is almost negligible. The technique has been tested on several web servers and on a complete GNU/Linux distribution by patching the standard C library. We expect that the strategy presented in this paper will become a standard technique on both desktops and servers.
Original language: English
Title of host publication: 2013 IEEE 12th International Symposium on Network Computing and Applications
Publisher: IEEE
Pages: 243-250
Number of pages: 8
ISBN (Print): 9780768550436
DOI: https://doi.org/10.1109/NCA.2013.12
Publication status: Published - Aug 2013
Externally published: Yes
Event: IEEE International Symposium on Network Computing and Applications (NCA 2013) - Boston, United States
Duration: 22 Aug 2013 to 24 Aug 2013
http://www.ieee-nca.org

Cite this

Marco-Gisbert, H., & Ripoll, I. (2013). Preventing brute force attacks against stack canary protection on networking servers. In 2013 IEEE 12th International Symposium on Network Computing and Applications (pp. 243-250). IEEE. https://doi.org/10.1109/NCA.2013.12