] Projects: Libsafe
]
] Protecting Critical Elements of Stacks
]
] The exploitation of buffer overflow and format string
] vulnerabilities in process stacks constitutes a
] significant portion of security attacks in recent years.
] We present a new method to detect and handle such
] attacks. In contrast to previous work, our method does
] not require any modification to the operating system and
] works with existing binary programs. Our method does not
] require access to the source code of defective programs,
] nor does it require recompilation or off-line processing
] of binaries. Furthermore, it can be implemented on a
] system-wide basis transparently. Our solution is based on
] a middleware software layer that intercepts all function
] calls made to library functions that are known to be
] vulnerable. A substitute version of the corresponding
] function implements the original functionality, but in a
] manner that ensures that any buffer overflows are
] contained within the current stack frame, thus,
] preventing attackers from 'smashing' (overwriting) the
] return address and hijacking the control flow of a
] running program. We have implemented our solution on
] Linux as a dynamically loadable library called libsafe.
] Libsafe has demonstrated its ability to detect and
] prevent several known attacks, but its real benefit, we
] believe, is its ability to prevent yet unknown attacks.
] Experiments indicate that the performance overhead of
] libsafe is negligible.

Avaya Labs Research - Projects: Libsafe