Stack smashing is still one of the most popular techniques for computer system attack. In this paper we present an anti-stack-smashing defense technique for Microsoft Windows systems. Our approach works at install-time, and does not rely on having access to the source-code: The user decides when and which executables to vaccinate. Our technique consists of instrumenting a given executable with a mechanism to detect stack smashing attacks. We developed a prototype implementing our technique and verified that it successfully defends against actual exploit code. We then extended our prototype to vaccinate DLLs, multithreaded applications, and DLLs used by multi-threaded applications, which present significant additional complications. We present promising performance results measured on SPEC2000 benchmarks: Vaccinated executables were no more than 8% slower than their un-vaccinated originals. © 2004 by Springer Science+Business Media Dordrecht.
CITATION STYLE
Nebenzahl, D., & Wool, A. (2004). Install-time vaccination of windows executables to defend against stack smashing attacks. In IFIP Advances in Information and Communication Technology (Vol. 147, pp. 225–240). Springer New York LLC. https://doi.org/10.1007/1-4020-8143-x_15
Mendeley helps you to discover research relevant for your work.