Supplementing Modern Software Defenses with Stack-Pointer Sanity

Title: Supplementing Modern Software Defenses with Stack-Pointer Sanity
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Quach, Anh; Cole, Matthew; Prakash, Aravind
Conference Name: Proceedings of the 33rd Annual Computer Security Applications Conference
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5345-8
Keywords: composability, Human Behavior, human factors, pubcrawl, resilience, Resiliency, return oriented programming, Scalability
Abstract: The perpetual cat-and-mouse game between attackers and software defenders has highlighted the need for strong and robust security. With performance as a key concern, most modern defenses focus on control-flow integrity (CFI), a program property that requires runtime execution of a program to adhere to a statically determined control-flow graph (CFG). Despite its success in preventing traditional return-oriented programming (ROP), CFI is known to be ineffective against modern attacks that adhere to a statically recovered CFG (e.g., COOP). This paper introduces stack-pointer integrity (SPI) as a means to supplement CFI and other modern defense techniques. Due to its ability to influence indirect control targets, the stack pointer is a key artifact in attacks. We define SPI as a property comprising two key sub-properties - Stack Localization and Stack Conservation - and implement an LLVM-based compiler prototype codenamed SPIglass that enforces SPI. We demonstrate a low implementation overhead and incremental deployability, two of the most desirable features for practical deployment. Our performance experiments show that the overhead of our defense is low in practice. We open-source SPIglass for the benefit of the community.
URL: http://doi.acm.org/10.1145/3134600.3134641
DOI: 10.1145/3134600.3134641
Citation Key: quach_supplementing_2017