SSPFA: effective stack smashing protection for Android OS

Hector Marco-Gisbert; Ismael Ripoll-Ripoll

doi:10.1007/s10207-018-00425-8

SSPFA: effective stack smashing protection for Android OS

Hector Marco-Gisbert, Ismael Ripoll-Ripoll

School of Computing, Engineering and Physical Sciences

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

204 Downloads (Pure)

Abstract

In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus causes a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices showing that it is not intrusive, and it is binary-compatible with Android applications. Extensive empirical validation has been carried out over the proposed solution.

Original language	English
Pages (from-to)	519-532
Number of pages	14
Journal	International Journal of Information Security
Volume	18
Issue number	4
Early online date	22 Jan 2019
DOIs	https://doi.org/10.1007/s10207-018-00425-8
Publication status	Published - 31 Aug 2019

Keywords

Android
Buffer overflow
Defenses
Mobile devices
Security
Stack smashing protector

Access to Document

10.1007/s10207-018-00425-8Licence: CC BY

Marco-Gisbert-Ripoll-Ripoll2019_Article_SSPFAEffectiveStackSmashingProFinal published version, 955 KBLicence: CC BY

Cite this

@article{18d4e2891d134a2fad4c7e6b4fdbfee5,

title = "SSPFA: effective stack smashing protection for Android OS",

abstract = "In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus causes a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices showing that it is not intrusive, and it is binary-compatible with Android applications. Extensive empirical validation has been carried out over the proposed solution.",

keywords = "Android, Buffer overflow, Defenses, Mobile devices, Security, Stack smashing protector",

author = "Hector Marco-Gisbert and Ismael Ripoll-Ripoll",

year = "2019",

month = aug,

day = "31",

doi = "10.1007/s10207-018-00425-8",

language = "English",

volume = "18",

pages = "519--532",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer Nature",

number = "4",

}

TY - JOUR

T1 - SSPFA

T2 - effective stack smashing protection for Android OS

AU - Marco-Gisbert, Hector

AU - Ripoll-Ripoll, Ismael

PY - 2019/8/31

Y1 - 2019/8/31

N2 - In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus causes a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices showing that it is not intrusive, and it is binary-compatible with Android applications. Extensive empirical validation has been carried out over the proposed solution.

AB - In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus causes a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices showing that it is not intrusive, and it is binary-compatible with Android applications. Extensive empirical validation has been carried out over the proposed solution.

KW - Android

KW - Buffer overflow

KW - Defenses

KW - Mobile devices

KW - Security

KW - Stack smashing protector

U2 - 10.1007/s10207-018-00425-8

DO - 10.1007/s10207-018-00425-8

M3 - Article

SN - 1615-5262

VL - 18

SP - 519

EP - 532

JO - International Journal of Information Security

JF - International Journal of Information Security

IS - 4

ER -