A longstanding issue in computer security is preventing an attacker from gaining arbitrary execution rights from the exploitation of common programming mistakes, which result in opening unintentional breaches in the behavior of executable code. In particular, buffer overflows on the stack and the possibility for an attacker to manipulate format strings in formatted I/O functions still represent, according to the classification provided by the SANS institute, the third and 23rd most significant threats to the security of a system, respectively. We provide a drop-in countermeasure intercepting calls to dynamic libraries, to prevent both stack-based buffer overflows and uncontrolled format strings from providing a viable entry point for an attacker, while keeping the average performance overhead below 4% for I/O intensive applications and within 2% for CPU bound ones. We tested our approach on a large benchmark suite on a common Linux distribution, without making any modifications

Drop-In Control Flow Hijacking Prevention through Dynamic Library Interception

BARENGHI, ALESSANDRO;PELOSI, GERARDO;
2013

Abstract

A longstanding issue in computer security is preventing an attacker from gaining arbitrary execution rights from the exploitation of common programming mistakes, which result in opening unintentional breaches in the behavior of executable code. In particular, buffer overflows on the stack and the possibility for an attacker to manipulate format strings in formatted I/O functions still represent, according to the classification provided by the SANS institute, the third and 23rd most significant threats to the security of a system, respectively. We provide a drop-in countermeasure intercepting calls to dynamic libraries, to prevent both stack-based buffer overflows and uncontrolled format strings from providing a viable entry point for an attacker, while keeping the average performance overhead below 4% for I/O intensive applications and within 2% for CPU bound ones. We tested our approach on a large benchmark suite on a common Linux distribution, without making any modifications
Proceedings of the 10th International Conference on Information Technology
9780769549675
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/738967
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
social impact