RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack

Zhou Hongwei; Ke Zhipeng; Zhang Yuchen; Guo Ruichao; Li Shengsheng; Yuan Jinhui

doi:10.1109/ICDSCA56264.2022.9988252

RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack

Zhou Hongwei
, Ke Zhipeng
, Zhang Yuchen
, Guo Ruichao
, Li Shengsheng
, Yuan Jinhui^*

^*Corresponding author for this work

Information Engineering University
Zhongyuan University of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Shadow stack is a method to prevent stack buffer overflow attack. However, in the existing shadow stack solutions, it is often supposed that the shadow stack is safe, but the reality is not always the case. To overcome it, this paper presents a stack buffer overflow attack defense method based on dynamic shadow stack, which is called RS-Stack. The outstanding advantage of RS-Stack is that the shadow stack address is random, and it is difficult for attackers to locate the shadow stack. In order to further improve the security, RS-Stack separates the shadow stack address for protection, which makes it difficult for attackers to destroy the contents of the shadow stack. RS-Stack provides double protection for shadow stack. We have partly implemented RS-Stack, and the experiment shows that the shadow stack address splitting protection introduce heavily performance overhead. In order not to affect the performance too much, the address split protection is optional, and this mechanism is only used in the environment with high security requirements.

Original language	English
Title of host publication	2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1432-1436
Number of pages	5
ISBN (Electronic)	9781665472005
DOIs	https://doi.org/10.1109/ICDSCA56264.2022.9988252
State	Published - 2022
Externally published	Yes
Event	2nd IEEE International Conference on Data Science and Computer Application, ICDSCA 2022 - Dalian, China Duration: 28 Oct 2022 → 30 Oct 2022

Publication series

Name	2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022

Conference

Conference	2nd IEEE International Conference on Data Science and Computer Application, ICDSCA 2022
Country/Territory	China
City	Dalian
Period	28/10/22 → 30/10/22

Keywords

buffer overflow
return Address
shadow stack

Access to Document

10.1109/ICDSCA56264.2022.9988252

Cite this

Hongwei, Z., Zhipeng, K., Yuchen, Z., Ruichao, G., Shengsheng, L., & Jinhui, Y. (2022). RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack. In 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022 (pp. 1432-1436). (2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDSCA56264.2022.9988252

Hongwei, Zhou ; Zhipeng, Ke ; Yuchen, Zhang et al. / RS-Stack : Defense against Stack Buffer Overflow Attack with Random Shadow Stack. 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 1432-1436 (2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022).

@inproceedings{20843eb12e944c3287a186a65bfbdaea,

title = "RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack",

abstract = "Shadow stack is a method to prevent stack buffer overflow attack. However, in the existing shadow stack solutions, it is often supposed that the shadow stack is safe, but the reality is not always the case. To overcome it, this paper presents a stack buffer overflow attack defense method based on dynamic shadow stack, which is called RS-Stack. The outstanding advantage of RS-Stack is that the shadow stack address is random, and it is difficult for attackers to locate the shadow stack. In order to further improve the security, RS-Stack separates the shadow stack address for protection, which makes it difficult for attackers to destroy the contents of the shadow stack. RS-Stack provides double protection for shadow stack. We have partly implemented RS-Stack, and the experiment shows that the shadow stack address splitting protection introduce heavily performance overhead. In order not to affect the performance too much, the address split protection is optional, and this mechanism is only used in the environment with high security requirements.",

keywords = "buffer overflow, return Address, shadow stack",

author = "Zhou Hongwei and Ke Zhipeng and Zhang Yuchen and Guo Ruichao and Li Shengsheng and Yuan Jinhui",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 2nd IEEE International Conference on Data Science and Computer Application, ICDSCA 2022 ; Conference date: 28-10-2022 Through 30-10-2022",

year = "2022",

doi = "10.1109/ICDSCA56264.2022.9988252",

language = "英语",

series = "2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1432--1436",

booktitle = "2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022",

address = "美国",

}

Hongwei, Z, Zhipeng, K, Yuchen, Z, Ruichao, G, Shengsheng, L & Jinhui, Y 2022, RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack. in 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022. 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022, Institute of Electrical and Electronics Engineers Inc., pp. 1432-1436, 2nd IEEE International Conference on Data Science and Computer Application, ICDSCA 2022, Dalian, China, 28/10/22. https://doi.org/10.1109/ICDSCA56264.2022.9988252

RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack. / Hongwei, Zhou; Zhipeng, Ke; Yuchen, Zhang et al.
2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 1432-1436 (2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - RS-Stack

T2 - 2nd IEEE International Conference on Data Science and Computer Application, ICDSCA 2022

AU - Hongwei, Zhou

AU - Zhipeng, Ke

AU - Yuchen, Zhang

AU - Ruichao, Guo

AU - Shengsheng, Li

AU - Jinhui, Yuan

PY - 2022

Y1 - 2022

N2 - Shadow stack is a method to prevent stack buffer overflow attack. However, in the existing shadow stack solutions, it is often supposed that the shadow stack is safe, but the reality is not always the case. To overcome it, this paper presents a stack buffer overflow attack defense method based on dynamic shadow stack, which is called RS-Stack. The outstanding advantage of RS-Stack is that the shadow stack address is random, and it is difficult for attackers to locate the shadow stack. In order to further improve the security, RS-Stack separates the shadow stack address for protection, which makes it difficult for attackers to destroy the contents of the shadow stack. RS-Stack provides double protection for shadow stack. We have partly implemented RS-Stack, and the experiment shows that the shadow stack address splitting protection introduce heavily performance overhead. In order not to affect the performance too much, the address split protection is optional, and this mechanism is only used in the environment with high security requirements.

AB - Shadow stack is a method to prevent stack buffer overflow attack. However, in the existing shadow stack solutions, it is often supposed that the shadow stack is safe, but the reality is not always the case. To overcome it, this paper presents a stack buffer overflow attack defense method based on dynamic shadow stack, which is called RS-Stack. The outstanding advantage of RS-Stack is that the shadow stack address is random, and it is difficult for attackers to locate the shadow stack. In order to further improve the security, RS-Stack separates the shadow stack address for protection, which makes it difficult for attackers to destroy the contents of the shadow stack. RS-Stack provides double protection for shadow stack. We have partly implemented RS-Stack, and the experiment shows that the shadow stack address splitting protection introduce heavily performance overhead. In order not to affect the performance too much, the address split protection is optional, and this mechanism is only used in the environment with high security requirements.

KW - buffer overflow

KW - return Address

KW - shadow stack

UR - https://www.scopus.com/pages/publications/85146366093

U2 - 10.1109/ICDSCA56264.2022.9988252

DO - 10.1109/ICDSCA56264.2022.9988252

M3 - 会议稿件

AN - SCOPUS:85146366093

T3 - 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022

SP - 1432

EP - 1436

BT - 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 28 October 2022 through 30 October 2022

ER -

Hongwei Z, Zhipeng K, Yuchen Z, Ruichao G, Shengsheng L, Jinhui Y. RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack. In 2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 1432-1436. (2022 IEEE 2nd International Conference on Data Science and Computer Application, ICDSCA 2022). doi: 10.1109/ICDSCA56264.2022.9988252

RS-Stack: Defense against Stack Buffer Overflow Attack with Random Shadow Stack

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this