Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

DiffGuard: Obscuring Sensitive Information in Canary Based Protections

Download
136 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_39,
        author={Jun Zhu and Weiping Zhou and Zhilong Wang and Dongliang Mu and Bing Mao},
        title={DiffGuard: Obscuring Sensitive Information in Canary Based Protections},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Information leak Brute-force attacks Canary-based protection Canary re-randomization},
        doi={10.1007/978-3-319-78813-5_39}
    }
    
  • Jun Zhu
    Weiping Zhou
    Zhilong Wang
    Dongliang Mu
    Bing Mao
    Year: 2018
    DiffGuard: Obscuring Sensitive Information in Canary Based Protections
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_39
Jun Zhu1,*, Weiping Zhou1,*, Zhilong Wang1,*, Dongliang Mu1,*, Bing Mao1,*
  • 1: Nanjing University
*Contact email: junzhu0406@gmail.com, zhouweipingcs@163.com, njuwangzhilong@163.com, mudongliangabcd@163.com, maobing@nju.edu.cn

Abstract

Memory Corruption attacks have monopolized the headlines in the security research community for the past two decades. NX/XD, ASLR, and canary-based protections have been introduced to defend effectively against memory corruption attacks. Most of these techniques rely on keeping secret in some key information needed by the attackers to build the exploit. Unfortunately, due to the inherent limitations of these defenses, it is relatively difficult to restrain trained attackers to find those secrets and create effective exploits. Through an information disclosure vulnerability, attackers could leak stack data of the runtime process and scan out canary word without crashing the program. We present DiffGuard, a modification of the canary based protections which eliminates stack sweep attacks against the canary and proposes a more robust countermeasures against the byte-by-byte discovery of stack canaries in forking programs. We have implemented a compiler-based DiffGuard which consists of a plugin for the GCC and a PIC dynamic shared library that gets linked with the running application via LD PRELOAD. DiffGuard incurs an average runtime overhead of 3.2%, meanwhile, ensures application correctness and seamless integration with third-party software.