TL;DR
This paper introduces a new leak-resilient dual stack scheme for backward-edge control-flow integrity that effectively prevents safe stack disclosure attacks, with minimal performance overhead on common architectures.
Contribution
The paper presents a novel leak-resilient dual stack design that is not vulnerable to information disclosure of the safe stack location, and demonstrates its implementation in LLVM for the x86-64 and ARM64 architectures.
Findings
Successfully prevents safe stack disclosure attacks.
Achieves negligible performance overhead (2.7% on x86-64, 0.0% on ARM64).
Integrates seamlessly into the LLVM compiler framework.
Abstract
Manipulations of return addresses on the stack are the basis for a variety of attacks on programs written in memory unsafe languages. Dual stack schemes for protecting return addresses promise an efficient and effective defense against such attacks. By introducing a second, safe stack to separate return addresses from potentially unsafe stack objects, they prevent attacks that, for example, maliciously modify a return address by overflowing a buffer. However, the security of dual stacks is based on the concealment of the safe stack in memory. Unfortunately, all current dual stack schemes are vulnerable to information disclosure attacks that are able to reveal the safe stack location, and therefore effectively break their promised security properties. In this paper, we present a new, leak-resilient dual stack scheme capable of withstanding sophisticated information disclosure attacks. We…
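As an added illustration of the dual stack idea the abstract describes (constructed model code, not the paper's LLVM implementation), the C program below contrasts the classic single-stack frame layout, where an unchecked copy past an 8-byte buffer reaches the saved return address, with a dual stack, where the return address lives on a separate safe stack that the unsafe buffer cannot reach. The frame layout, sizes and the return target 0x401000 are assumptions made for the model.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8                                  /* unsafe buffer in each model frame */
#define FRAME_SIZE (BUF_SIZE + sizeof(uintptr_t))   /* classic layout: [buffer][saved return address] */
#define SAFE_DEPTH 64
#define LEGIT_RET ((uintptr_t)0x401000)             /* constructed legitimate return target */

/* Toy safe stack: holds return addresses only, apart from every unsafe stack object. */
static uintptr_t safe_stack[SAFE_DEPTH];
static int safe_top;

static void safe_push(uintptr_t ret) { assert(safe_top < SAFE_DEPTH); safe_stack[safe_top++] = ret; }
static uintptr_t safe_pop(void)      { assert(safe_top > 0); return safe_stack[--safe_top]; }

/* Single stack: the saved return address sits right after the buffer, so an
 * unchecked copy of n > BUF_SIZE bytes overwrites it. The frame is a byte array
 * so that the overwrite stays well-defined C rather than a real stack smash. */
uintptr_t single_stack_return(const char *input, size_t n) {
    unsigned char frame[FRAME_SIZE];
    uintptr_t ret = LEGIT_RET;
    memcpy(frame + BUF_SIZE, &ret, sizeof ret);     /* prologue: save the return address */
    if (n > FRAME_SIZE) n = FRAME_SIZE;             /* keep the model inside the frame */
    memcpy(frame, input, n);                        /* the "overflow": no check against BUF_SIZE */
    memcpy(&ret, frame + BUF_SIZE, sizeof ret);     /* epilogue: reload the return address */
    return ret;
}

/* Dual stack: only the buffer is on the unsafe stack; the return address is on
 * the safe stack. Bytes beyond BUF_SIZE would land on neighbouring unsafe
 * objects, never on a return address, so the model simply drops them. */
uintptr_t dual_stack_return(const char *input, size_t n) {
    unsigned char unsafe_frame[BUF_SIZE];
    safe_push(LEGIT_RET);                           /* prologue */
    if (n > BUF_SIZE) n = BUF_SIZE;
    memcpy(unsafe_frame, input, n);
    return safe_pop();                              /* epilogue */
}

int main(void) {
    char overlong[16];                              /* constructed input: twice the buffer size */
    memset(overlong, 'A', sizeof overlong);
    printf("single stack returns to %#lx\n", (unsigned long)single_stack_return(overlong, sizeof overlong));
    printf("dual stack returns to   %#lx\n", (unsigned long)dual_stack_return(overlong, sizeof overlong));
    return 0;
}
```

The model stops where the paper starts: the safe stack is protected only as long as its location stays hidden, which is exactly the disclosure problem the leak-resilient design addresses.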