Research Article
SCADS
@INPROCEEDINGS{10.1007/978-3-319-23829-6_23, author={Christopher Kugler and Tilo M\'{y}ller}, title={SCADS}, proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I}, proceedings_a={SECURECOMM}, year={2015}, month={11}, keywords={Stack-based buffer overflows LLVM Separate control stack}, doi={10.1007/978-3-319-23829-6_23} }- Christopher Kugler
Tilo Müller
Year: 2015
SCADS
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23829-6_23
Abstract
Despite the fact that protection mechanisms like , and are widespread, the development on new defense strategies against stack-based buffer overflows has not yet come to an end. In this paper, we present a compiler-level protection called . In our approach, we protect return addresses and saved frame pointers on a separate stack, called the . In common computer programs, a single user mode stack is used to store control information next to data buffers. By separating control information from the , we protect sensitive pointers of a program’s control flow from being overwritten by buffer overflows. As we make control flow information simply unreachable for buffer overflows, many exploits are stopped at an early stage of progression with only little performance overhead. To substantiate the practicability of our approach, we provide SCADS as an open source patch for the LLVM compiler infrastructure for AMD64 hosts.