StackOFFence: A technique for defending against buffer overflow attacks

Bharat B. Madan, Shashi Phoha, Kishor S. Trivedi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations


Software coding practices, in the interest of efficiency, often ignore to enforce strict bound checking on buffers, arrays and pointers. This results in software code that is more vulnerable to security intrusions exploiting buffer overflow vulnerabilities. Unfortunately, such attacks form the most common type of security threats to the computer and information systems, making it imperative to find efficient solutions for the buffer overflow vulnerabilities. Typically, an attacker is able to affect a successful intrusion by causing buffer overflow in the stack frame of a function call, thereby causing the valid return address to get overwritten by a malicious value. This allows the attacker to redirect the return from a function call to a malicious piece of code introduced by the attacker. Depending on the nature of the malicious code, the attacker is able to compromise availability, integrity, or confidentiality of a system. Researchers have suggested transforming the return address or even using an entirely separate stack for managing the return addresses. This paper describes a simple technique that ensures the integrity of the return address by pushing on the stack two copies of the return address, a transformed (or encrypted) return address value along with the original one. Before popping the return address, two return address values are compared to detect any malicious activity, thus preventing the exploitation of the stack based buffer overflow vulnerabilities. The proposed modification may be implemented at the CPU architecture level or by simple modification to the compiler's prologue and epilogue code.

Original languageEnglish (US)
Title of host publicationProceedings ITCC 2005 - International Conference on Information Technology
Subtitle of host publicationCoding and Computing
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Print)0769523153, 9780769523156
StatePublished - 2005
EventITCC 2005 - International Conference on Information Technology: Coding and Computing - Las Vegas, NV, United States
Duration: Apr 4 2005Apr 6 2005

Publication series

NameInternational Conference on Information Technology: Coding and Computing, ITCC


OtherITCC 2005 - International Conference on Information Technology: Coding and Computing
Country/TerritoryUnited States
CityLas Vegas, NV

All Science Journal Classification (ASJC) codes

  • General Engineering


Dive into the research topics of 'StackOFFence: A technique for defending against buffer overflow attacks'. Together they form a unique fingerprint.

Cite this