Abstract
A longstanding issue in computer security is preventing an attacker from gaining arbitrary execution rights from the exploitation of common programming mistakes, which result in opening unintentional breaches in the behavior of executable code. In particular, buffer overflows on the stack and the possibility for an attacker to manipulate format strings in formatted I/O functions still represent, according to the classification provided by the SANS institute, the third and 23rd most significant threats to the security of a system, respectively. We provide a drop-in countermeasure intercepting calls to dynamic libraries, to prevent both stack-based buffer overflows and uncontrolled format strings from providing a viable entry point for an attacker, while keeping the average performance overhead below 4% for I/O intensive applications and within 2% for CPU bound ones. We tested our approach on a large benchmark suite on a common Linux distribution, without making any modifications.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
