SaVioR: Thwarting Stack-Based Memory Safety Violations by Randomizing Stack Layout

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 50
  • Download : 0
Stack-based memory corruption vulnerabilities have been exploited, allowing attackers to execute arbitrary code and read/write arbitrary memory. Although several solutions have been proposed to prevent memory errors on the stack, they are either limited to a specific type of attack (either spatial or temporal attacks) or cause significant performance degradation. In this paper, we introduce SaVioR, an efficient and comprehensive stack protection mechanism. The key technique involves randomization of the stack layout to reduce its predictability and exploitability. SaVioR isolates an individual object from spatially and temporally adjacent vulnerable objects and randomizes each object's location, which prevents attackers from predicting the stack layout and thus reduces the likelihood of memory errors being exploited. We implemented SaVioR based on the LLVM compiler framework and applied it to the SPEC CPU2006 benchmarks and real-world applications. Our security evaluation showed that SaVioR provides a high degree of randomness in the stack layout and thus reduces the likelihood of successful exploitation of spatial and temporal memory errors on the stack. Our performance evaluation also demonstrated that it incurs a modest performance overhead (13%) with the SPEC CPU2006 benchmark suite, which improves performance compared to the state-of-the-art stack protection while achieving a comparable security level.
Publisher
IEEE Computer Society
Issue Date
2022-07
Language
English
Article Type
Article
Citation

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.19, no.4, pp.2559 - 2575

ISSN
1545-5971
DOI
10.1109/TDSC.2021.3063843
URI
http://hdl.handle.net/10203/297855
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0