When stack protection does not protect the stack?
Author: | Pavel Dovgalyuk, Vladimir Makarov |
---|---|
Year of publication: | 2016 |
Subject: | Source code; Computer science; stack canary; Value (computer science); lcsh:QA75.5-76.95; buffer overflow; Software; Stack (abstract data type); Operating system; General Earth and Planetary Sciences; msvc; Binary code; Code generation; lcsh:Electronic computers. Computer science; Compiler; gcc; clang; General Environmental Science |
Source: | Труды Института системного программирования РАН, Vol 28, Iss 5, Pp 55-72 (2018) |
ISSN: | 2220-6426 2079-8156 |
DOI: | 10.15514/ispras-2016-28(5)-3 |
Description: | The majority of software vulnerabilities originate from buffer overflow. Techniques to eliminate buffer overflows and limit their damage include secure programming, source code audit, binary code audit, and static and dynamic code generation features. Modern compilers implement compile-time and execution-time protection schemes that include variable reordering, inserting a canary value, and a separate stack for return addresses. Our research is aimed at finding breaches in the compiler protection methods. We tested MSVC, gcc, and clang and found that two of these compilers have flaws that allow exploiting buffer overwrite under certain conditions. |
Database: | OpenAIRE |