Abstract—StackArmor is a comprehensive protection technique
for stack-based memory error vulnerabilities in binaries. It
relies on binary analysis and rewriting strategies to drastically reduce
the uniquely high spatial and temporal memory predictability
of traditional call stack organizations. Unlike prior solutions,
StackArmor can protect against arbitrary stack-based attacks,
requires no access to the source code, and offers a policy-driven
protection strategy that allows end users to tune the security-performance
tradeoff according to their needs. We present an
implementation of StackArmor for x86_64 Linux and provide a
detailed experimental analysis of our prototype on popular server
programs and standard benchmarks (SPEC CPU2006). Our
results demonstrate that StackArmor offers better security than
prior binary- and source-level approaches, at the cost of only modest
performance and memory overhead even with full protection.
More here: http://www.few.vu.nl/~da.andriesse/papers/ndss-2015.pdf