Research On Stack Smashing Protection Based On Polymorphic Canary

Posted on: 2020-12-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Wang
Full Text: PDF
GTID: 2428330575955145
Subject: Engineering Computer Science and Technology
Abstract/Summary:
With the rapid development of information technology, the increasing complexity of systems and software makes it more and more difficult to guarantee the correctness and security of software. Programs inevitably contain a variety of vulnerabilities, which can be exploited by attackers and pose a huge threat to individuals, organizations and governments. Therefore, researchers in both academia and industry have put much effort into effectively mitigating the impact of security vulnerabilities. Various mechanisms have been put forward to enhance the security of computer systems. Attack mitigation technologies, such as Non-Executable Stack, Address Space Layout Randomization and Stack Smashing Protection, achieve a good balance between performance, security and compatibility, and are therefore widely deployed in existing systems. However, due to defects in their design, they still run the risk of being compromised in specific environments. This paper focuses on canary-based stack smashing protection technology, studies the shortcomings of the original schemes and related improvements, and then proposes our design.

Among all software security vulnerabilities, the buffer overflow vulnerability is the most dangerous one because it is ubiquitous in software and easy to attack. Through a buffer overflow vulnerability, the attacker can modify the program state, manipulate the program control flow, and then execute arbitrary malicious code, which brings enormous harm to software users. Among the various defense mechanisms proposed by researchers against buffer overflow vulnerabilities, Stack Smashing Protection (SSP) is a simple and highly efficient technique, which is widely used in practice as the front-line defense against stack buffer overflow attacks. Unfortunately, SSP is known to be vulnerable to the so-called byte-by-byte attack. Although several remedy schemes have been proposed in the recent literature, their security is achieved at the price of practicality, because their complex logic not only ruins SSP's simplicity and high efficiency, but also makes it difficult to guarantee correctness and compatibility in special situations.

In this paper, to address the restrictions in existing works, (1) we present an elegant solution named Polymorphic SSP (P-SSP) that attains the same security without sacrificing SSP's strengths. (2) Both a compiler plugin and a binary instrumentation tool were implemented for deploying P-SSP. Their respective runtime overheads are only 0.24% and 1.01%. (3) We also propose four extensions of the basic scheme for better compatibility, stronger security, and local variable protection, respectively. (4) We designed prototypes to verify the four extensions, and implemented two of them based on the compiler. (5) We evaluated the performance, effectiveness and compatibility of the basic scheme, experimented with our extensions and compared their pros and cons with the basic scheme. The results show that P-SSP is promising for wide deployment in the future.
Keywords/Search Tags:Stack Buffer Overflow, Byte-by-Byte Brute Force Attack, Stack Smashing Protection, Polymorphic Protection