Issue No.06 - Nov.-Dec. (2013 vol.10)
pp: 368-379
Gang Chen, Cluster & Grid Comput. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China
Hai Jin, Cluster & Grid Comput. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China
Deqing Zou, Cluster & Grid Comput. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China
Bing Bing Zhou, Centre for Distrib. & High Performance Comput., Univ. of Sydney, Sydney, NSW, Australia
Zhenkai Liang, Dept. of Comput. Sci., Nat. Univ. of Singapore, Singapore, Singapore
Weide Zheng, Cluster & Grid Comput. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China
Xuanhua Shi, Cluster & Grid Comput. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China
ABSTRACT
Buffer overflow attacks still pose a significant threat to the security and availability of today's computer systems. Although a number of solutions have been proposed to provide adequate protection against buffer overflow attacks, most existing solutions terminate the vulnerable program when the buffer overflow occurs, effectively rendering the program unavailable. The impact on availability is a serious problem on service-oriented platforms. This paper presents SafeStack, a system that can automatically diagnose and patch stack-based buffer overflow vulnerabilities. The key technique of our solution is to virtualize memory accesses and move the vulnerable buffer into protected memory regions, which provides a fundamental and effective protection against recurrence of the same attack without stopping normal system execution. We developed a prototype on a Linux system, and conducted extensive experiments to evaluate the effectiveness and performance of the system using a range of applications. Our experimental results showed that SafeStack can quickly generate runtime patches to successfully handle the attack's recurrence. Furthermore, SafeStack only incurs acceptable overhead for the patched applications.
INDEX TERMS
Software reliability, Computer security, Computer viruses, Fault diagnosis, attack prevention, buffer overflow vulnerability diagnosis
CITATION
Gang Chen, Hai Jin, Deqing Zou, Bing Bing Zhou, Zhenkai Liang, Weide Zheng, Xuanhua Shi, "SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities", IEEE Transactions on Dependable and Secure Computing, vol. 10, no. 6, pp. 368-379, Nov.-Dec. 2013, doi:10.1109/TDSC.2013.25