Detecting Stack Layout Corruptions With Robust Stack Unwinding
RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES, RAID 2016(2016)
摘要
The stack is a critical memory structure to ensure the correct execution of programs because control flow changes through the data stored in it, such as return addresses and function pointers. Thus the stack has been a popular target by many attacks and exploits like stack smashing attacks and return-oriented programming (ROP). We present a novel system to detect the corruption of the stack layout using a robust stack unwinding technique and detailed stack layouts extracted from the stack unwinding information for exception handling widely available in off-the-shelf binaries. Our evaluation with real-world ROP exploits has demonstrated successful detection of them with performance overhead of only 3.93% on average transparently without accessing any source code or debugging symbols of a protected binary.
更多查看译文
关键词
Stack layout corruption,Stack layout invariants,Stack unwinding information,Return oriented programming
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络