International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

SCADS

Download
453 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_23,
        author={Christopher Kugler and Tilo M\'{y}ller},
        title={SCADS},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Stack-based buffer overflows LLVM Separate control stack},
        doi={10.1007/978-3-319-23829-6_23}
    }
    
  • Christopher Kugler
    Tilo Müller
    Year: 2015
    SCADS
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_23
Christopher Kugler1, Tilo Müller1,*
  • 1: Friedrich-Alexander University of Erlangen-Nuremberg
*Contact email: tilo.mueller@cs.fau.de

Abstract

Despite the fact that protection mechanisms like , and are widespread, the development on new defense strategies against stack-based buffer overflows has not yet come to an end. In this paper, we present a compiler-level protection called . In our approach, we protect return addresses and saved frame pointers on a separate stack, called the . In common computer programs, a single user mode stack is used to store control information next to data buffers. By separating control information from the , we protect sensitive pointers of a program’s control flow from being overwritten by buffer overflows. As we make control flow information simply unreachable for buffer overflows, many exploits are stopped at an early stage of progression with only little performance overhead. To substantiate the practicability of our approach, we provide SCADS as an open source patch for the LLVM compiler infrastructure for AMD64 hosts.