StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks (paper)
Abstract
This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge. We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries. We describe the compiler technique (a simple patch to gcc), as well as a set of variations on the technique that trade-off between penetration resistance and performance. We present experimental results of both the penetration resistance and the performance impact of this technique.