Annual Computer Security Applications Conference 2015


DynaGuard: Armoring Canary-based Protections against Brute-force Attacks


Over the past decade many exploit mitigation techniques have been introduced to defend against memory corruption attacks. W^X, ASLR, and canary-based protections are nowadays widely deployed and considered standard practice. However, despite the fact that these techniques have evolved over time, they still suffer from limitations that enable skilled adversaries to bypass them.
In this work, we focus on countermeasures against the byte-by-byte discovery of stack canaries in forking programs. This limitation, although known for years, has yet to be addressed effectively, and was recently abused by a series of exploits that allowed for the remote compromise of the popular Nginx web server and a full ASLR bypass in x86-64 Linux. We present DynaGuard, an extension to canary-based protections that further armors hardened applications against brute-force canary attacks. We have implemented DynaGuard in two flavors: a compiler-based version, which incurs an average runtime overhead of 1.2%, and a version based on dynamic binary instrumentation, which can protect binary-only applications without requiring access to source code. We have evaluated both implementations using a set of popular server applications and benchmark suites, and examined how the proposed design overcomes the limitations of previous proposals, ensuring application correctness and seamless integration with third-party software.

Author(s):

Theofilos Petsios    
Columbia University
United States

Vasileios P. Kemerlis    
Brown University
United States

Michalis Polychronakis    
Stony Brook University
United States

Angelos D. Keromytis    
Columbia University
United States

 
