DEFENSIVE BINARY CODE INSTRUMENTATION TO PROTECT AGAINST BUFFER OVERFLOW ATTACKS
Authors
Rogers, Alexis L.
Sowers, Ryan
Subjects
buffer overflow
return oriented programming
ROP
gadget
return instruction pointer
stack canary
obfuscation
binary
Advisors
Drusinsky, Doron
Date of Issue
2019-09
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Buffer overflow and heap overflow injection attacks have been studied for some time. Recent techniques to prevent execution of payloads inserted into memory have been successful by using stack canaries, non-executable stacks, and address space layout randomization (ASLR). Attackers now use a technique called return oriented programming to maliciously execute code without ever inserting such a payload into memory. They do so by identifying binary snippets in the original program that constitute a malicious procedure. There have been patches in place to help decrease the susceptibility to this type of attack, but what is needed is a permanent fix. We propose such a solution, applied directly to the compiled binary, consisting of a masking function to obfuscate the return address, an unmasking function (i.e., reversing the previous), and instrumenting code to perform these functions seamlessly. We implemented a proof of concept of our solution that prevents an unexpected address jump via binary return address obfuscation.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Copyright is reserved by the copyright owner.