DocumentCode :
3400689
Title :
Preventing Brute Force Attacks Against Stack Canary Protection on Networking Servers
Author :
Marco-Gisbert, Hector ; Ripoll, Ismael
Author_Institution :
Inst. Tecnol. de Inf., Univ. Politec. de Valencia, Valencia, Spain
fYear :
2013
fDate :
22-24 Aug. 2013
Firstpage :
243
Lastpage :
250
Abstract :
The buffer overflow is still an important problem despite the various protection methods developed and widely used on most systems (Stack-Smashing Protector, ASLR and Non-eXecutable). Most of these techniques rely on keeping secret some key information needed by the attackers to build the exploit. Unfortunately, the architecture of most Web servers allows attackers to implement brute force attacks that can be exploited to obtain those secrets by means of brute force attacks, and eventually break into the server. We propose a modification of the stack-smashing protector (SSP) technique which eliminates brute force attacks against the canary. The technique is not intrusive, and can be applied by just pre-loading a shared library. The overhead is almost negligible. The technique has been tested on several web servers and on a complete GNU/Linux distribution by patching the standard C library. We expect that the strategy presented in this paper will become a standard technique on both desktops and servers.
Keywords :
C language; Internet; Linux; client-server systems; cryptography; software libraries; ASLR; GNU distribution; Linux distribution; SSP technique; Web servers; brute force attack prevention; buffer overflow; networking servers; nonexecutable; shared library preloading; stack canary protection; stack-smashing protector technique; standard C library; Force; Instruction sets; Layout; Libraries; Proposals; Servers; Standards; Buffer overflow prevention; Networking server security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Network Computing and Applications (NCA), 2013 12th IEEE International Symposium on
Conference_Location :
Cambridge, MA
Print_ISBN :
978-0-7695-5043-5
Type :
conf
DOI :
10.1109/NCA.2013.12
Filename :
6623669