Title :
Install-time vaccination of Windows executables to defend against stack smashing attacks
Author :
Nebenzahl, Danny ; Sagiv, Mooly ; Wool, Avishai
Author_Institution :
Dept. of Comput. Sci., Tel Aviv Univ., Ramat Aviv, Israel
Abstract :
Stack smashing is still one of the most popular techniques for computer system attack. In this work, we present an anti-stack-smashing defense technique for Microsoft Windows systems. Our approach works at install-time, and does not rely on having access to the source-code: The user decides when and which executables to vaccinate. Our technique consists of instrumenting a given executable with a mechanism to detect stack smashing attacks. We developed a prototype implementing our technique and verified that it successfully defends against actual exploit code. We then extended our prototype to vaccinate DLLs, multithreaded applications, and DLLs used by multithreaded applications, which present significant additional complications. We present promising performance results measured on SPEC2000 benchmarks: Vaccinated executables were no more than 8 percent slower than their un-vaccinated originals.
Keywords :
multi-threading; security of data; telecommunication security; Microsoft Windows system; antistack-smashing defense technique; buffer overflow; computer security; computer system attack; delay locked loop; install-time vaccination; multithreaded application; Buffer overflow; Computer hacking; Computer worms; Hardware; Instruments; Internet; Operating systems; Prototypes; Security; Wool; Computer security; buffer overflow; instrumentation.;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2006.14
