A software approach for stack memory protection based on duplication and randomisation

Abstract

With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing in an alarming rate. Unfortunately, all previously proposed solutions that deal with this problem suffer from shortcomings and therefore highlighting the need for further research in this vital area. In this paper, a software-based solution for stack-based vulnerabilities and attacks is proposed, implemented, and tested. The basic idea of our approach is to implement a patch tool that makes multiple copies of the return addresses in the stack, and then randomises the location of all copies in addition to their number. All duplicate copies are updated and checked in parallel such that any mismatch between any of these copies would indicate a possible attack attempt and would trigger an exception. The results of our implementation show high protection against integer overflow and buffer overflow attacks.