StackGuard+ : Interoperable alternative to canary‐based protection of stack smashing
Kangmin Kim, Jeong‐Nyeo Kim, Seungkwang Lee
DOI: https://doi.org/10.1049/ell2.13310
2024-10-08
Electronics Letters
Abstract: The existing method of canary‐based stack protection can be bypassed by several buffer overflow attacks. This paper improves on canary‐based protection without requiring the binary to be recompiled. It introduces a novel software‐based approach to strengthening stack smashing protection in C/C++ applications, specifically targeting return‐oriented programming attacks, which remain a significant threat to firmware and software security. Traditional canary‐based protections are vulnerable to brute‐force and format string attacks. Additionally, many stack protection mechanisms require access to the source code or recompilation, complicating the protection of existing binaries. This paper proposes a new method, named StackGuard+, that modifies the canary‐based protection mechanism by altering the code responsible for canary insertion and verification. This change ensures the integrity of the return address while maintaining the original code size, allowing for seamless interoperability without the need for recompilation or additional hardware. The approach can be automated using a Python script, which modifies existing canary‐based binaries with only 26 bytes of machine code on the x86‐64 platform. Moreover, the approach can be easily adapted to other platforms, including x86 and ARM64.
engineering, electrical & electronic