SSPFA: effective stack smashing protection for Android OS

Hector Marco-Gisbert, Ismael Ripoll-Ripoll

    Research output: Contribution to journalArticlepeer-review

    2 Citations (Scopus)
    218 Downloads (Pure)

    Abstract

    In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus causes a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices showing that it is not intrusive, and it is binary-compatible with Android applications. Extensive empirical validation has been carried out over the proposed solution.
    Original languageEnglish
    Pages (from-to)519-532
    Number of pages14
    JournalInternational Journal of Information Security
    Volume18
    Issue number4
    Early online date22 Jan 2019
    DOIs
    Publication statusPublished - 31 Aug 2019

    Keywords

    • Android
    • Buffer overflow
    • Defenses
    • Mobile devices
    • Security
    • Stack smashing protector

    Fingerprint

    Dive into the research topics of 'SSPFA: effective stack smashing protection for Android OS'. Together they form a unique fingerprint.

    Cite this