DiffGuard: Obscuring sensitive information in canary based protections

Jun Zhu; Weiping Zhou; Zhilong Wang; Dongliang Mu; Bing Mao

doi:10.1007/978-3-319-78813-5_39

DiffGuard: Obscuring sensitive information in canary based protections

Jun Zhu, Weiping Zhou, Zhilong Wang, Dongliang Mu, Bing Mao

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Memory Corruption attacks have monopolized the headlines in the security research community for the past two decades. NX/XD, ASLR, and canary-based protections have been introduced to defend effectively against memory corruption attacks. Most of these techniques rely on keeping secret in some key information needed by the attackers to build the exploit. Unfortunately, due to the inherent limitations of these defenses, it is relatively difficult to restrain trained attackers to find those secrets and create effective exploits. Through an information disclosure vulnerability, attackers could leak stack data of the runtime process and scan out canary word without crashing the program. We present DiffGuard, a modification of the canary based protections which eliminates stack sweep attacks against the canary and proposes a more robust countermeasures against the byte-by-byte discovery of stack canaries in forking programs. We have implemented a compiler-based DiffGuard which consists of a plugin for the GCC and a PIC dynamic shared library that gets linked with the running application via LD PRELOAD. DiffGuard incurs an average runtime overhead of 3.2%, meanwhile, ensures application correctness and seamless integration with third-party software.

Original language	English (US)
Title of host publication	Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings
Editors	Ali Ghorbani, Xiaodong Lin, Kui Ren, Sencun Zhu, Aiqing Zhang
Publisher	Springer Verlag
Pages	738-751
Number of pages	14
ISBN (Print)	9783319788128
DOIs	https://doi.org/10.1007/978-3-319-78813-5_39
State	Published - 2018
Event	13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 - [state] ON, Canada Duration: Oct 22 2017 → Oct 25 2017

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	238
ISSN (Print)	1867-8211

Other

Other	13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
Country/Territory	Canada
City	[state] ON
Period	10/22/17 → 10/25/17

All Science Journal Classification (ASJC) codes

Computer Networks and Communications

Access to Document

10.1007/978-3-319-78813-5_39

Cite this

Zhu, J., Zhou, W., Wang, Z., Mu, D., & Mao, B. (2018). DiffGuard: Obscuring sensitive information in canary based protections. In A. Ghorbani, X. Lin, K. Ren, S. Zhu, & A. Zhang (Eds.), Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings (pp. 738-751). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 238). Springer Verlag. https://doi.org/10.1007/978-3-319-78813-5_39

Zhu, Jun ; Zhou, Weiping ; Wang, Zhilong et al. / DiffGuard : Obscuring sensitive information in canary based protections. Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. editor / Ali Ghorbani ; Xiaodong Lin ; Kui Ren ; Sencun Zhu ; Aiqing Zhang. Springer Verlag, 2018. pp. 738-751 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{a79cede9ba244a7db540aba7a97765ce,

title = "DiffGuard: Obscuring sensitive information in canary based protections",

abstract = "Memory Corruption attacks have monopolized the headlines in the security research community for the past two decades. NX/XD, ASLR, and canary-based protections have been introduced to defend effectively against memory corruption attacks. Most of these techniques rely on keeping secret in some key information needed by the attackers to build the exploit. Unfortunately, due to the inherent limitations of these defenses, it is relatively difficult to restrain trained attackers to find those secrets and create effective exploits. Through an information disclosure vulnerability, attackers could leak stack data of the runtime process and scan out canary word without crashing the program. We present DiffGuard, a modification of the canary based protections which eliminates stack sweep attacks against the canary and proposes a more robust countermeasures against the byte-by-byte discovery of stack canaries in forking programs. We have implemented a compiler-based DiffGuard which consists of a plugin for the GCC and a PIC dynamic shared library that gets linked with the running application via LD PRELOAD. DiffGuard incurs an average runtime overhead of 3.2%, meanwhile, ensures application correctness and seamless integration with third-party software.",

author = "Jun Zhu and Weiping Zhou and Zhilong Wang and Dongliang Mu and Bing Mao",

note = "Funding Information: We would like to thank Theofilos Petsios et al. for their open source implementation of DynaGuard which helps ours quickly getting start of out work. When we have trouble in using SPEC CPU2006, Theofilos Petsios give us some advice. This work was supported in part by grants from the Chinese National Natural Science Foundation (61272078). Funding Information: Acknowledgments. We would like to thank Theofilos Petsios et al. for their open source implementation of DynaGuard which helps ours quickly getting start of out work. When we have trouble in using SPEC CPU2006, Theofilos Petsios give us some advice. This work was supported in part by grants from the Chinese National Natural Science Foundation (61272078). Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.; 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 ; Conference date: 22-10-2017 Through 25-10-2017",

year = "2018",

doi = "10.1007/978-3-319-78813-5_39",

language = "English (US)",

isbn = "9783319788128",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "738--751",

editor = "Ali Ghorbani and Xiaodong Lin and Kui Ren and Sencun Zhu and Aiqing Zhang",

booktitle = "Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings",

address = "Germany",

}

Zhu, J, Zhou, W, Wang, Z, Mu, D & Mao, B 2018, DiffGuard: Obscuring sensitive information in canary based protections. in A Ghorbani, X Lin, K Ren, S Zhu & A Zhang (eds), Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 238, Springer Verlag, pp. 738-751, 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017, [state] ON, Canada, 10/22/17. https://doi.org/10.1007/978-3-319-78813-5_39

DiffGuard: Obscuring sensitive information in canary based protections. / Zhu, Jun; Zhou, Weiping; Wang, Zhilong et al.
Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. ed. / Ali Ghorbani; Xiaodong Lin; Kui Ren; Sencun Zhu; Aiqing Zhang. Springer Verlag, 2018. p. 738-751 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 238).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - DiffGuard

T2 - 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017

AU - Zhu, Jun

AU - Zhou, Weiping

AU - Wang, Zhilong

AU - Mu, Dongliang

AU - Mao, Bing

N1 - Funding Information: We would like to thank Theofilos Petsios et al. for their open source implementation of DynaGuard which helps ours quickly getting start of out work. When we have trouble in using SPEC CPU2006, Theofilos Petsios give us some advice. This work was supported in part by grants from the Chinese National Natural Science Foundation (61272078). Funding Information: Acknowledgments. We would like to thank Theofilos Petsios et al. for their open source implementation of DynaGuard which helps ours quickly getting start of out work. When we have trouble in using SPEC CPU2006, Theofilos Petsios give us some advice. This work was supported in part by grants from the Chinese National Natural Science Foundation (61272078). Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.

PY - 2018

Y1 - 2018

N2 - Memory Corruption attacks have monopolized the headlines in the security research community for the past two decades. NX/XD, ASLR, and canary-based protections have been introduced to defend effectively against memory corruption attacks. Most of these techniques rely on keeping secret in some key information needed by the attackers to build the exploit. Unfortunately, due to the inherent limitations of these defenses, it is relatively difficult to restrain trained attackers to find those secrets and create effective exploits. Through an information disclosure vulnerability, attackers could leak stack data of the runtime process and scan out canary word without crashing the program. We present DiffGuard, a modification of the canary based protections which eliminates stack sweep attacks against the canary and proposes a more robust countermeasures against the byte-by-byte discovery of stack canaries in forking programs. We have implemented a compiler-based DiffGuard which consists of a plugin for the GCC and a PIC dynamic shared library that gets linked with the running application via LD PRELOAD. DiffGuard incurs an average runtime overhead of 3.2%, meanwhile, ensures application correctness and seamless integration with third-party software.

AB - Memory Corruption attacks have monopolized the headlines in the security research community for the past two decades. NX/XD, ASLR, and canary-based protections have been introduced to defend effectively against memory corruption attacks. Most of these techniques rely on keeping secret in some key information needed by the attackers to build the exploit. Unfortunately, due to the inherent limitations of these defenses, it is relatively difficult to restrain trained attackers to find those secrets and create effective exploits. Through an information disclosure vulnerability, attackers could leak stack data of the runtime process and scan out canary word without crashing the program. We present DiffGuard, a modification of the canary based protections which eliminates stack sweep attacks against the canary and proposes a more robust countermeasures against the byte-by-byte discovery of stack canaries in forking programs. We have implemented a compiler-based DiffGuard which consists of a plugin for the GCC and a PIC dynamic shared library that gets linked with the running application via LD PRELOAD. DiffGuard incurs an average runtime overhead of 3.2%, meanwhile, ensures application correctness and seamless integration with third-party software.

UR - http://www.scopus.com/inward/record.url?scp=85045991698&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045991698&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-78813-5_39

DO - 10.1007/978-3-319-78813-5_39

M3 - Conference contribution

AN - SCOPUS:85045991698

SN - 9783319788128

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 738

EP - 751

BT - Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings

A2 - Ghorbani, Ali

A2 - Lin, Xiaodong

A2 - Ren, Kui

A2 - Zhu, Sencun

A2 - Zhang, Aiqing

PB - Springer Verlag

Y2 - 22 October 2017 through 25 October 2017

ER -

Zhu J, Zhou W, Wang Z, Mu D, Mao B. DiffGuard: Obscuring sensitive information in canary based protections. In Ghorbani A, Lin X, Ren K, Zhu S, Zhang A, editors, Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. Springer Verlag. 2018. p. 738-751. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-78813-5_39

DiffGuard: Obscuring sensitive information in canary based protections

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this