DocumentCode :
2302604
Title :
SCISM: A Solution for General Buffer Overflow Protection
Author :
Fu, Jian-Jing ; Wang, Ji-Lin
Author_Institution :
Sch. of Inf. Sci. & Eng., Zhejiang Univ. of Finances & Econ., Hangzhou, China
Volume :
3
fYear :
2009
fDate :
19-21 May 2009
Firstpage :
429
Lastpage :
434
Abstract :
In software coding practice, buffer overflow is the most frequently used means of intrusion. Typically, an attacker effects a successful intrusion by causing a buffer overflow in the stack frame of a function call, so that the valid return address is overwritten by a malicious value. This allows the attacker to redirect the return from the function call to a malicious piece of code introduced by the attacker. In this paper, we propose a compiler-based solution to the notorious buffer overflow attack problem. A stack control information separating mechanism (SCISM) is developed to separate control information, which is stored in a safe area of the address space, from data information in the run-time stack. When a program is compiled by the SCISM-based compiler, it can detect stack smashing caused by buffer overflow and stop running automatically, so its control flow cannot be changed and transferred to the injected code. The proposed approach is evaluated with 11 SPEC CPU2000 benchmark programs, demonstrating its feasibility for solving the problem with only a slight performance loss.
Keywords :
security of data; SPEC CPU2000 benchmark programs; compiler-based solution; general buffer overflow protection; software coding practices; stack control information separating mechanism; stack-smashing; Application software; Automatic control; Buffer overflow; Information science; Program processors; Programming profession; Protection; Runtime; Security; Software engineering;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
WRI World Congress on Software Engineering, 2009 (WCSE '09)
Conference_Location :
Xiamen
Print_ISBN :
978-0-7695-3570-8
Type :
conf
DOI :
10.1109/WCSE.2009.61
Filename :
5319443