The Taming of the Stack: Isolating Stack Data from Memory Errors

Kaiming Huang, Yongzhe Huang, Mathias Payer, Zhiyun Qian, John Morgan Sampson, Gang Tan, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Despite vast research on defenses to protect stack objects from the exploitation of memory errors, much stack data remains at risk. Historically, stack defenses focus on the protection of code pointers, such as return addresses, but emerging techniques to exploit memory errors motivate the need for practical solutions to protect stack data objects as well. However, recent approaches provide an incomplete view of security by not accounting for memory errors comprehensively and by limiting the set of objects that can be protected unnecessarily. In this paper, we present the DATAGUARD system that identifies which stack objects are safe statically from spatial, type, and temporal memory errors to protect those objects efficiently. DATAGUARD improves security through a more comprehensive and accurate safety analysis that proves a larger number of stack objects are safe from memory errors, while ensuring that no unsafe stack objects are mistakenly classified as safe. DATAGUARD's analysis of server programs and the SPEC CPU2006 benchmark suite shows that DATAGUARD improves security by: (1) ensuring that no memory safety violations are possible for any stack objects classified as safe, removing 6.3% of the stack objects previously classified safe by the Safe Stack method, and (2) blocking exploit of all 118 stack vulnerabilities in the CGC Binaries. DATAGUARD extends the scope of stack protection by validating as safe over 70% of the stack objects classified as unsafe by the Safe Stack method, leading to an average of 91.45% of all stack objects that can only be referenced safely. By identifying more functions with only safe stack objects, DATAGUARD reduces the overhead of using Clang's Safe Stack defense for protection of the SPEC CPU2006 benchmarks from 11.3% to 4.3%. Thus, DATAGUARD shows that a comprehensive and accurate analysis can both increase the scope of stack data protection and reduce overheads.

Original languageEnglish (US)
Title of host publication29th Annual Network and Distributed System Security Symposium, NDSS 2022
PublisherThe Internet Society
ISBN (Electronic)1891562746, 9781891562747
DOIs
StatePublished - 2022
Event29th Annual Network and Distributed System Security Symposium, NDSS 2022 - Hybrid, San Diego, United States
Duration: Apr 24 2022Apr 28 2022

Publication series

Name29th Annual Network and Distributed System Security Symposium, NDSS 2022

Conference

Conference29th Annual Network and Distributed System Security Symposium, NDSS 2022
Country/TerritoryUnited States
CityHybrid, San Diego
Period4/24/224/28/22

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Cite this