Safe Trans Loader: Mitigation and Prevention of Memory Corruption Attacks for Released Binaries

Abstract

A variety of countermeasures against memory corruption attacks have been proposed to implement within compilers, linkers, operating systems, and libraries. However, according to our survey, a certain number of executable binaries in Linux distributions are not protected by the countermeasures, even when the countermeasures are applied to these binaries. Further, the countermeasures have some problems including the way of application, the scope of attacks, and the runtime overhead. For example, some require source code or need to update the kernel or specific libraries. These requirements are not acceptable for everyone. In this paper, we propose an application-level loader called Safe Trans Loader (STL) that mitigates or prevents memory corruption attacks. The STL can be applied to already released executable binaries in an operational phase. Note that the STL replaces vulnerable library functions with safe substitute functions when it loads the protected binary. These safe substitute functions mitigate or prevent stack-based buffer overflow attacks, heap-based buffer overflow attacks, and use-after-free attacks. Since the STL has minimal dependencies on the execution environment, it does not require specific changes to the existing operating system or library. Further, through our evaluation, the runtime overhead of the STL is only 1.24%.