Assessing the Impact of Efficiently Protecting Ten Million Stack Objects from Memory Errors Comprehensively

Kaiming Huang, Jack Sampson, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Despite extensive research on defenses, exploitations on stack memory errors remain a major concern. Previous work has focused primarily on protecting code pointers (e.g., return addresses), but stack data may be compromised due to spatial, type, and temporal memory errors. Recent work on the DATAGUARD system proposes an efficient defense for protecting a significant fraction of stack data from memory errors comprehensively. In this paper, we present an evaluation of DATAGUARD that encompasses several key aspects. Firstly, We assess its applicability and scalability by deploying it on 1,245 packages in Ubuntu 20.04. Secondly, we examine DATAGUARD's effectiveness in identifying and protecting stack data on the evaluation dataset-results show that DATAGUARD is able to protect 12.5 million stack objects, which is around 86% of the total stack objects in these packages. Thirdly, we examined the security enhancements offered by DATAGUARD by evaluating the fraction of protected control data, system calls, and function parameters, as well as the mitigation of real-world CVE exploits. Lastly, we compared the protection of DATAGUARD to CCured and Safe Stack, which shows that DATAGUARD greatly increased the number and fraction of safe stack objects on the analyzed Linux packages. The overall evaluation of DATAGUARD demonstrates the capability of achieving more comprehensive protection with low cost from enforcing lightweight isolation, thus enabling practical adoption to protect software against exploitations on stack memory errors in production environments.

Original languageEnglish (US)
Title of host publicationProceedings - 2023 IEEE Secure Development Conference, SecDev 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages67-74
Number of pages8
ISBN (Electronic)9798350331325
DOIs
StatePublished - 2023
Event2023 IEEE Secure Development Conference, SecDev 2023 - Atlanta, United States
Duration: Oct 18 2023Oct 20 2023

Publication series

NameProceedings - 2023 IEEE Secure Development Conference, SecDev 2023

Conference

Conference2023 IEEE Secure Development Conference, SecDev 2023
Country/TerritoryUnited States
CityAtlanta
Period10/18/2310/20/23

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Software

Cite this