
2015 | OriginalPaper | Chapter

SCADS

Separated Control- and Data-Stacks


Abstract

Although protection mechanisms like StackGuard, ASLR and NX are widespread, the development of new defense strategies against stack-based buffer overflows has not yet come to an end. In this paper, we present a compiler-level protection called SCADS: Separated Control- and Data-Stacks. In common computer programs, a single user-mode stack stores control information next to data buffers. In our approach, we instead keep return addresses and saved frame pointers on a separate stack, called the Control-Stack (CS). By separating control information from the Data-Stack (DS), we protect the sensitive pointers of a program's control flow from being overwritten by buffer overflows. Because control-flow information is simply unreachable for buffer overflows, many exploits are stopped at an early stage of progression with only a small performance overhead. To substantiate the practicability of our approach, we provide SCADS as an open source patch for the LLVM compiler infrastructure for AMD64 hosts.
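A small C model of the layout difference the abstract describes, added here as an illustration; it is not code from the SCADS LLVM patch. The frame layout, constants and function names are constructed, and the unchecked copy is simulated inside ordinary objects so the program stays well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define DS_LEN  64
#define FP_OK   0x7ffd1000ULL  /* constructed saved frame pointer */
#define RET_OK  0x401136ULL    /* constructed return address */

/* Constructed over-long input: 32 bytes of 'A' aimed at a 16-byte buffer. */
static const uint8_t INPUT[] = "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA";

/* Conventional single stack: control data sits directly above the buffer. */
struct unified_frame {
    uint8_t  buf[BUF_LEN];
    uint64_t saved_fp;
    uint64_t ret_addr;
};

/* SCADS idea: the same two values live on a separate Control-Stack (CS). */
struct control_entry { uint64_t saved_fp, ret_addr; };

/* Unchecked copy of n bytes starting at buf; returns the return address
   the function epilogue would use afterwards. */
uint64_t unified_ret_after_copy(const uint8_t *in, size_t n) {
    struct unified_frame f = { {0}, FP_OK, RET_OK };
    if (n > sizeof f) n = sizeof f;       /* keep the model inside one object */
    memcpy(&f, in, n);
    return f.ret_addr;
}

uint64_t scads_ret_after_copy(const uint8_t *in, size_t n) {
    uint8_t data_stack[DS_LEN] = {0};     /* DS: buffers and other locals only */
    struct control_entry cs = { FP_OK, RET_OK };
    if (n > sizeof data_stack) n = sizeof data_stack;
    memcpy(data_stack, in, n);            /* overrun stays on the DS */
    return cs.ret_addr;                   /* CS entry is not in the copy's path */
}

int main(void) {
    printf("unified: ret=0x%llx\n", (unsigned long long)unified_ret_after_copy(INPUT, 32));
    printf("scads:   ret=0x%llx\n", (unsigned long long)scads_ret_after_copy(INPUT, 32));
    return 0;
}
```

In the second function the copy still overwrites neighbouring data on the DS; only the saved frame pointer and return address are out of its reach.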

Metadata
Title
SCADS
Authors
Christopher Kugler
Tilo Müller
Copyright Year
2015
DOI
https://doi.org/10.1007/978-3-319-23829-6_23
