Abstract. The paper addresses the problem of stack smashing or stack overflows in modern operating systems. We focus on a security solution for this problem, namely compiler generated canary protection and, to be more specific, we consider the Stack Smashing Protector (SSP) present in the most popular C compiler, the GCC. We first analyze the limitations of the GCCs SSP and then present three improvements that will harden the security offered by the SSP making an attackers attempt more difficult. All improvements refer to the most recent version of GCC, 4.6.2
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
AbstractWe address the particular cyber attack technique known as stack buffer overflow in GNU/Linux...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
Since 1998, StackGuard patches to GCC have been used to protect entire distributions from stack smas...
Software exploitation has been proven to be a lucrative business for cybercriminals. Unfortunately, ...
This paper presents a systematic solution to the per-sistent problem of buffer overflow attacks. Buf...
This paper describes the design and implementation of a lightweight static security analyzer that ex...
Memory corruption vulnerabilities, such as stack-based buffer overflows, continue to be a major thre...
Stack shielding technologies have been developed to protect programs against exploitation of stack b...
International audienceFault attacks can target smart card programs to disrupt an execution and take ...
Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow I...
Despite the fact that protection mechanisms like StackGuard, ASLR and NX are widespread, the develop...
Program Vulnerabilities may be unwarranted for any organization and may lead to severe system failur...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Abstract—Memory corruption bugs in software written in low-level languages like C or C++ are one of ...
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
AbstractWe address the particular cyber attack technique known as stack buffer overflow in GNU/Linux...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
Since 1998, StackGuard patches to GCC have been used to protect entire distributions from stack smas...
Software exploitation has been proven to be a lucrative business for cybercriminals. Unfortunately, ...
This paper presents a systematic solution to the per-sistent problem of buffer overflow attacks. Buf...
This paper describes the design and implementation of a lightweight static security analyzer that ex...
Memory corruption vulnerabilities, such as stack-based buffer overflows, continue to be a major thre...
Stack shielding technologies have been developed to protect programs against exploitation of stack b...
International audienceFault attacks can target smart card programs to disrupt an execution and take ...
Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow I...
Despite the fact that protection mechanisms like StackGuard, ASLR and NX are widespread, the develop...
Program Vulnerabilities may be unwarranted for any organization and may lead to severe system failur...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Abstract—Memory corruption bugs in software written in low-level languages like C or C++ are one of ...
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
AbstractWe address the particular cyber attack technique known as stack buffer overflow in GNU/Linux...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...