TY - GEN
T1 - The Taming of the Stack
T2 - 29th Annual Network and Distributed System Security Symposium, NDSS 2022
AU - Huang, Kaiming
AU - Huang, Yongzhe
AU - Payer, Mathias
AU - Qian, Zhiyun
AU - Sampson, John Morgan
AU - Tan, Gang
AU - Jaeger, Trent
N1 - Publisher Copyright:
© 2022 29th Annual Network and Distributed System Security Symposium, NDSS 2022. All Rights Reserved.
PY - 2022
Y1 - 2022
N2 - Despite vast research on defenses to protect stack objects from the exploitation of memory errors, much stack data remains at risk. Historically, stack defenses focus on the protection of code pointers, such as return addresses, but emerging techniques to exploit memory errors motivate the need for practical solutions to protect stack data objects as well. However, recent approaches provide an incomplete view of security by not accounting for memory errors comprehensively and by unnecessarily limiting the set of objects that can be protected. In this paper, we present the DATAGUARD system that statically identifies which stack objects are safe from spatial, type, and temporal memory errors in order to protect those objects efficiently. DATAGUARD improves security through a more comprehensive and accurate safety analysis that proves a larger number of stack objects are safe from memory errors, while ensuring that no unsafe stack objects are mistakenly classified as safe. DATAGUARD's analysis of server programs and the SPEC CPU2006 benchmark suite shows that DATAGUARD improves security by: (1) ensuring that no memory safety violations are possible for any stack objects classified as safe, removing 6.3% of the stack objects previously classified safe by the Safe Stack method, and (2) blocking exploitation of all 118 stack vulnerabilities in the CGC Binaries. DATAGUARD extends the scope of stack protection by validating as safe over 70% of the stack objects classified as unsafe by the Safe Stack method, leading to an average of 91.45% of all stack objects that can only be referenced safely. By identifying more functions with only safe stack objects, DATAGUARD reduces the overhead of using Clang's Safe Stack defense for protection of the SPEC CPU2006 benchmarks from 11.3% to 4.3%. Thus, DATAGUARD shows that a comprehensive and accurate analysis can both increase the scope of stack data protection and reduce overheads.
UR - http://www.scopus.com/inward/record.url?scp=85141907212&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85141907212&partnerID=8YFLogxK
U2 - 10.14722/NDSS.2022.23060
DO - 10.14722/NDSS.2022.23060
M3 - Conference contribution
AN - SCOPUS:85141907212
T3 - 29th Annual Network and Distributed System Security Symposium, NDSS 2022
BT - 29th Annual Network and Distributed System Security Symposium, NDSS 2022
PB - The Internet Society
Y2 - 24 April 2022 through 28 April 2022
ER -