Body Armor for Binaries: Preventing Buffer Overflows Without Recompilation
نویسندگان
چکیده
BinArmor is a novel technique to protect existing C binaries from memory corruption attacks on both control data and non-control data. Without access to source code, non-control data attacks cannot be detected with current techniques. Our approach hardens binaries against both kinds of overflow, without requiring the programs’ source or symbol tables. We show that BinArmor is able to stop real attacks—including the recent noncontrol data attack on Exim. Moreover, we did not incur a single false positive in practice. On the downside, the current overhead of BinArmor is high—although no worse than competing technologies like taint analysis that do not catch attacks on non-control data. Specifically, we measured an overhead of 70% for gzip, 16%180% for lighttpd, and 190% for the nbench suite.
منابع مشابه
Deconstructing Hardware Architectures for Security
Researchers have recently proposed novel hardware architectures for enhancing system security. The proposed architectures address security threats such as buffer overflows, format string bugs, and information disclosure. The main advantage of hardware support is increased visibility into system state, low overheads for security checks, and, in some cases, compatibility with legacy binaries. Nev...
متن کاملDetecting Heap Smashing Attacks through Fault Containment Wrappers
Buffer overflow attacks are a major cause of security breaches in modern operating systems. Not only are overflows of buffers on the stack a security threat, overflows of buffers kept on the heap can be too. A malicious user might be able to hijack the control flow of a root-privileged program if the user can initiate an overflow of a buffer on the heap when this overflow overwrites a function ...
متن کاملGlobal ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution
Instruction-set randomization (ISR) obfuscates the “language” understood by a system to protect against code-injection attacks by presenting an ever-changing target. ISR was originally motivated by code injection through buffer overflow vulnerabilities. However, Stuxnet demonstrated that attackers can exploit other vectors to place malicious binaries into a victim’s filesystem and successfully ...
متن کاملHeapShield: Library-Based Heap Overflow Protection for Free
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both a security vulnerability and a frequent source of bugs. Previous approaches to preventing these overflows require source code or can slow programs down by a factor of two or more. We present HeapShield, an approach that prevents all library-based heap overflows at runtime. It works with arbitrary...
متن کاملLibsafe: Transparent System-wide Protection Against Buffer Overflow Attacks
Libsafe is a practical solution that protects against the most common forms of buffer overflow attacks. Such attacks often result in granting the attacker full privileges on the target system. Libsafe is implemented as a shared library that intercepts calls to vulnerable standard library functions. Based on an inspection of the process stack and the function arguments, Libsafe ensures that no r...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012