The buffer overflow is still an important problem despite the various protection methods developed and widely used on most systems (Stack-Smashing Protector, ASLR and Non-eXecutable). Most of these techniques rely on keeping secret some key information needed by the attackers to build the exploit. Unfortunately, the architecture of most Web servers allows attacker to implement brute force attacks that can be exploited to obtain those secrets by mean of brute force attacks, and eventually break into the server. We propose a modification of the stack-smashing protector (SSP) technique which eliminates brute force attacks against the canary. The technique is not intrusive, and can be applied by just pre-loading a shared library. The overhead is almost negligible. The technique has been tested on several web servers and on a complete GNU/Linux distribution by patching the standard C library. We expect that the strategy presented in this paper will become a standard technique on both desktop and servers.
|Title of host publication||2013 IEEE 12th International Symposium on Network Computing and Applications|
|Number of pages||8|
|Publication status||Published - Aug 2013|
|Event||IEEE International Symposium on Network Computing and Applications (NCA 2013) - Boston, United States|
Duration: 22 Aug 2013 → 24 Aug 2013
|Conference||IEEE International Symposium on Network Computing and Applications (NCA 2013)|
|Period||22/08/13 → 24/08/13|