2019-2 (31)

Nuclear, radiation and environmental safety

DOI: 10.26583/GNS-2019-02-02
Analysis of Existing Protection Systems from Buffer Overflow and Methods of their Bypass
Authors: M.A. Parinov

Address: Institute of Nuclear Physics and Technology (INP&T), National Research Nuclear University «MEPhI», Kashirskoye shosse, 31, Moscow, Russia 115409

ORCID iD: 0000-0002-6947-8753

WoS Researcher ID: G-9341-2019

e-mail: mafimka@gmail.com

Abstract: Detecting and preventing attacks on applications has been and remains one of the pressing tasks of information security. Flaws in program code disrupt the normal operation of software: design defects can cause loss of data integrity, availability and confidentiality, termination of running processes, or failure of the system as a whole. This paper examines the mechanism of a stack buffer overflow and the modern means of detecting or preventing such overflows, namely ASLR, StackGuard (stack canaries) and a non-executable stack. These protections were chosen as the research subject because they are the most common and are built into Linux. The objective of the work is to analyse the buffer overflow problem and the incomplete effectiveness of the commonly used means of preventing and detecting this type of attack, and to describe an alternative approach to the problem. For each of the widespread protections considered, a way to bypass it is described. The work concludes that the existing protections have significant drawbacks and that an additional protection mechanism is therefore required; its idea is proposed at the end of the article.
Keywords: buffer overflow, system calls, code injection, Data Execution Prevention, ASLR, StackGuard, information security.
Language: Russian
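The stack-smash mechanism and the StackGuard canary check that the abstract refers to, as an added example that is not part of the paper or its author's code. The "stack frame" is modelled as an explicit byte array (16-byte buffer, then 8-byte canary, then 8-byte saved return address) so the overflow stays inside memory the program owns and no undefined behaviour is triggered. The fixed canary value, the frame offsets and the addresses 0x401000 and 0xdeadbeef are assumptions chosen for the demonstration; real StackGuard uses a random or terminator canary picked at process start, and GCC's -fstack-protector aborts through __stack_chk_fail instead of returning 0.

```c
/* Added example: a model of a stack frame protected by a StackGuard-style
 * canary. Layout (assumed): [buf 16][canary 8][saved return address 8]. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16u
#define OFF_CANARY BUF_SIZE
#define OFF_RET    (BUF_SIZE + 8u)
#define FRAME_SIZE (OFF_RET + 8u)

typedef struct { uint8_t bytes[FRAME_SIZE]; } frame_t;

/* Assumed fixed canary so the model is deterministic. StackGuard uses a
 * random value, or a "terminator" canary built from NUL/CR/LF/EOF bytes
 * so that string-copy routines cannot write past it. */
static const uint64_t CANARY = 0x5a5a5a5a0a0d00ffULL;

static void put_u64(uint8_t *p, uint64_t v) { memcpy(p, &v, sizeof v); }
static uint64_t get_u64(const uint8_t *p) { uint64_t v; memcpy(&v, p, sizeof v); return v; }

/* Prologue: place the canary between the buffer and the saved return. */
void frame_init(frame_t *f, uint64_t saved_ret) {
    memset(f->bytes, 0, FRAME_SIZE);
    put_u64(f->bytes + OFF_CANARY, CANARY);
    put_u64(f->bytes + OFF_RET, saved_ret);
}

/* Vulnerable copy: trusts the input length, like strcpy()/gets(). The
 * clamp to FRAME_SIZE only keeps the model in bounds; in a real program
 * the write would continue into the caller's frame. */
void copy_unchecked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, src, len);
}

/* Hardened copy: never writes beyond the 16-byte buffer, always
 * NUL-terminates. Returns 0 on success, -1 if the input was truncated. */
int copy_checked(frame_t *f, const uint8_t *src, size_t len) {
    size_t n = len < BUF_SIZE - 1 ? len : BUF_SIZE - 1;
    memcpy(f->bytes, src, n);
    f->bytes[n] = 0;
    return n == len ? 0 : -1;
}

int canary_intact(const frame_t *f) {
    return get_u64(f->bytes + OFF_CANARY) == CANARY;
}

/* Epilogue as StackGuard instruments it: check the canary before using
 * the saved return address. 0 stands for "abort the process". */
uint64_t frame_return(const frame_t *f) {
    return canary_intact(f) ? get_u64(f->bytes + OFF_RET) : 0;
}

/* Scenario 1: classic smash, 32 bytes of 'A' into a 16-byte buffer.
 * The canary is clobbered and the return is refused. */
int demo_overflow_detected(void) {
    frame_t f; uint8_t payload[FRAME_SIZE];
    frame_init(&f, 0x401000);
    memset(payload, 'A', sizeof payload);
    copy_unchecked(&f, payload, sizeof payload);
    return !canary_intact(&f) && frame_return(&f) == 0;
}

/* Scenario 2: same payload through the bounded copy; the frame is intact
 * and the caller learns that the input was truncated. */
int demo_bounded_copy_safe(void) {
    frame_t f; uint8_t payload[FRAME_SIZE];
    frame_init(&f, 0x401000);
    memset(payload, 'A', sizeof payload);
    int truncated = copy_checked(&f, payload, sizeof payload);
    return truncated == -1 && canary_intact(&f) && frame_return(&f) == 0x401000;
}

/* Scenario 3: the attacker knows the canary (leaked or brute-forced) and
 * rewrites it in place, so the check passes and control goes to the
 * attacker's address. This is why the canary value must stay secret. */
uint64_t demo_known_canary_bypass(void) {
    frame_t f; uint8_t payload[FRAME_SIZE];
    frame_init(&f, 0x401000);
    memset(payload, 'A', BUF_SIZE);
    put_u64(payload + OFF_CANARY, CANARY);
    put_u64(payload + OFF_RET, 0xdeadbeefULL);
    copy_unchecked(&f, payload, sizeof payload);
    return frame_return(&f);
}

int main(void) {
    printf("overflow detected:        %d\n", demo_overflow_detected());
    printf("bounded copy safe:        %d\n", demo_bounded_copy_safe());
    printf("return with known canary: 0x%llx\n",
           (unsigned long long)demo_known_canary_bypass());
    return 0;
}
```

Scenarios 1 and 2 show what the canary adds and what a bounded copy removes; scenario 3 is the bypass class the abstract alludes to: a canary is only as strong as its secrecy, so an information leak or a forking service that lets the value be guessed byte by byte defeats the check without touching the return-address slot out of order.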
Pages: 15-22