
Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages

  • Conference paper
  • ICT Systems Security and Privacy Protection (SEC 2024)

Abstract

Memory-unsafe languages are still widely used in critical software such as operating system kernels and browsers, so memory corruption attacks remain a significant threat. To mitigate this threat, various defenses have been proposed, such as Address Space Layout Randomization (ASLR) and stack canaries. However, adversaries have demonstrated the capability to bypass them, which has driven successive upgrades of these defenses. To complement ASLR, the stack isolation technique, which conceals sensitive objects stored in stack memory by relocating them to a “safe region”, was introduced. Nonetheless, advanced information disclosure attacks, such as Allocation Oracle, have been employed to discover the location of the safe region. In this work, we introduce Satellite, an effective and efficient approach for safeguarding stack memory against memory vulnerabilities and information disclosure attacks. The proposed technique guarantees the safety of the return address stored in the safe region, protecting it from vulnerabilities like buffer overflows and from information disclosure attacks. To easily support general C/C++ programs, we implemented Satellite in the LLVM compiler framework. To demonstrate the efficiency of Satellite, we applied it to SPEC CPU2006, SPEC CPU2017, and the Nginx web server and assessed the effectiveness of the proposed technique. The assessment findings indicate that Satellite incurs an average performance overhead of 0.29%
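To make the stack isolation idea in the abstract concrete, here is an added C example; it is not the paper's code and not Satellite's implementation. It is a constructed in-memory model in which a conventional frame keeps its saved return address directly after a local buffer, while a separate safe region holds its own copy of that address. The frame layout, the safe region, the 0x401000 return address and all function names are assumptions of the model. The point it shows is that a return that consults the safe region is unaffected by an overlong copy into the frame, and that comparing the two copies (a shadow-stack style check, as in the cited SoK on shadow stacks) detects the corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory model (not real CPU stack layout, not Satellite's
 * code): a conventional frame keeps a local buffer directly below the saved
 * return address, so an overlong copy into the buffer reaches it. */
typedef union {
    struct {
        char buf[16];
        uintptr_t ret_addr;
    } f;
    unsigned char raw[sizeof(char[16]) + sizeof(uintptr_t)];
} unsafe_frame_t;

/* Safe region: a second stack holding only return addresses, placed away from
 * any buffer that untrusted input can reach. This is the "safe region" of the
 * abstract; its location is what information disclosure attacks try to learn. */
#define SAFE_DEPTH 64
static uintptr_t safe_region[SAFE_DEPTH];
static size_t safe_top;

static int safe_push(uintptr_t ret) {
    if (safe_top >= SAFE_DEPTH) return 0;
    safe_region[safe_top++] = ret;
    return 1;
}

static uintptr_t safe_pop(void) {
    return safe_top ? safe_region[--safe_top] : 0;
}

/* Modelled prologue: the return address is recorded both in the ordinary
 * frame and in the safe region. */
static void enter(unsafe_frame_t *fr, uintptr_t ret) {
    memset(fr->raw, 0, sizeof fr->raw);
    fr->f.ret_addr = ret;
    safe_push(ret);
}

/* Modelled epilogue: returns the address the safe region supplies and reports
 * through *intact whether the ordinary frame's copy still matches it. */
static uintptr_t leave(const unsafe_frame_t *fr, int *intact) {
    uintptr_t trusted = safe_pop();
    *intact = (fr->f.ret_addr == trusted);
    return trusted;
}

/* Copies `len` bytes of constructed input into the frame with no bounds check
 * against buf (16 bytes); a larger `len` spills into ret_addr. The copy is
 * capped at the frame size only so that the model itself stays well defined. */
static void unbounded_copy(unsafe_frame_t *fr, size_t len) {
    unsigned char input[sizeof fr->raw];
    memset(input, 'A', sizeof input);        /* constructed attacker-controlled bytes */
    if (len > sizeof fr->raw) len = sizeof fr->raw;
    memcpy(fr->raw, input, len);             /* the missing buf-size check is the modelled bug */
}

#define DEMO_RET ((uintptr_t)0x401000u)      /* assumed return address for the demo */

/* Runs one modelled call with `input_len` bytes of input and returns 1 if the
 * frame's saved return address survived, 0 if it was overwritten. */
int frame_intact_after(size_t input_len) {
    unsafe_frame_t fr;
    int intact;
    enter(&fr, DEMO_RET);
    unbounded_copy(&fr, input_len);
    leave(&fr, &intact);
    return intact;
}

/* Same run, but returns the address control would transfer to when the
 * return goes through the safe region instead of the corruptible frame. */
uintptr_t protected_return_after(size_t input_len) {
    unsafe_frame_t fr;
    int intact;
    enter(&fr, DEMO_RET);
    unbounded_copy(&fr, input_len);
    return leave(&fr, &intact);
}

int main(void) {
    size_t over = sizeof(unsafe_frame_t);
    printf("frame intact with 8-byte input:   %d\n", frame_intact_after(8));
    printf("frame intact with %zu-byte input: %d\n", over, frame_intact_after(over));
    printf("safe-region return address:        0x%lx\n",
           (unsigned long)protected_return_after(over));
    return 0;
}
```

In the model, an input that fits in the buffer leaves both copies equal, while an input as long as the whole frame overwrites the frame's copy but not the safe region's, so the protected return still goes to 0x401000. The real design question the paper addresses is what keeps the safe region itself out of reach of an attacker who can read or write memory, which this model does not attempt to capture.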



Acknowledgment

This work was supported as part of Military Crypto Research Center (UD210027XD) funded by Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD).

Author information

Correspondence to Hongjoo Jin, Haehyun Cho or Dong Hoon Lee.


Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper


Cite this paper

Jin, H., Yang, S., Park, M.C., Cho, H., Lee, D.H. (2024). Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. In: Pitropakis, N., Katsikas, S., Furnell, S., Markantonakis, K. (eds) ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-031-65175-5_16


  • DOI: https://doi.org/10.1007/978-3-031-65175-5_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-65174-8

  • Online ISBN: 978-3-031-65175-5

  • eBook Packages: Computer Science (R0)
