




















Manipulations of return addresses on the stack are the basis for a variety of attacks on programs written in memory unsafe languages. Dual stack schemes for protecting return addresses promise an efficient and effective defense against such attacks. By introducing a second, safe stack to separate return addresses from potentially unsafe stack objects, they prevent attacks that, for example, maliciously modify a return address by overflowing a buffer. However, the security of dual stacks is based on the concealment of the safe stack in memory. Unfortunately, all current dual stack schemes are vulnerable to information disclosure attacks that are able to reveal the safe stack location, and therefore effectively break their promised security properties. In this paper, we present a new, leak-resilient dual stack scheme capable of withstanding sophisticated information disclosure attacks. We carefully study previous dual stack schemes and systematically develop a novel design for stack separation that eliminates flaws leading to the disclosure of safe stacks. We show the feasibility and practicality of our approach by presenting a full integration into the LLVM compiler framework with support for the x86-64 and ARM64 architectures. With an average of 2.7% on x86-64 and 0.0% on ARM64, the performance overhead of our implementation is negligible.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。