When stack protection does not protect the stack?
| Autor: | Pavel Dovgalyuk, Vladimir Makarov |
|---|---|
| Jazyk: | English<br />Russian |
| Rok vydání: | 2018 |
| Předmět: | |
| Zdroj: | Труды Института системного программирования РАН, Vol 28, Iss 5, Pp 55-72 (2018) |
| Druh dokumentu: | article |
| ISSN: | 2079-8156 2220-6426 |
| DOI: | 10.15514/ISPRAS-2016-28(5)-3 |
| Popis: | The majority of software vulnerabilities originate from buffer overflow. Techniques to eliminate buffer overflows and limit their damage include secure programming, source code audit, binary code audit, static and dynamic code generation features. Modern compilers implement compile-time and execution time protection schemes, that include variables reordering, inserting canary value, and separate stack for return addresses. Our research is targeted to finding the breaches in the compiler protection methods. We tested MSVC, gcc, and clang and found that two of these compilers have flaws that allow exploiting buffer overwrite under certain conditions. |
| Databáze: | Directory of Open Access Journals |
| Externí odkaz: |
|