Do we still need canaries in the coal mine? Measuring shadow stack effectiveness in countering stack smashing
- URL: http://arxiv.org/abs/2412.16343v1
- Date: Fri, 20 Dec 2024 21:08:17 GMT
- Title: Do we still need canaries in the coal mine? Measuring shadow stack effectiveness in countering stack smashing
- Authors: Hugo Depuydt, Merve Gülmez, Thomas Nyman, Jan Tobias Mühlberg
- Abstract summary: We evaluate whether 64-bit x86 (x86-64) systems benefit from enabling stack canaries in addition to the x86-64 shadow stack enforcement. We find that x86-64 shadow stack implementations are more effective and outperform stack canaries when combined with a stack-protector-like stack layout.
- Score: 1.9042151977387252
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Stack canaries and shadow stacks are widely deployed mitigations to memory-safety vulnerabilities. While stack canaries are introduced by the compiler and rely on sentry values placed between variables and control data, shadow stack implementations protect return addresses explicitly and rely on hardware features available in modern processor designs for efficiency. In this paper we hypothesize that stack canaries and shadow stacks provide similar levels of protections against sequential stack-based overflows. Based on the Juliet test suite, we evaluate whether 64-bit x86 (x86-64) systems benefit from enabling stack canaries in addition to the x86-64 shadow stack enforcement. We observe divergence in overflow detection rates between the GCC and Clang compilers and across optimization levels, which we attribute to differences in stack layouts generated by the compilers. We also find that x86-64 shadow stack implementations are more effective and outperform stack canaries when combined with a stack-protector-like stack layout. We implement and evaluate an enhancement to the Clang x86-64 shadow stack instrumentation that improves the shadow stack detection accuracy based on this observation.
Related papers
- CleanStack: A New Dual-Stack for Defending Against Stack-Based Memory Corruption Attacks [0.0]
CleanStack is an efficient, highly compatible, and comprehensive stack protection system.
CleanStack isolates stack objects influenced by external input from other safe stack objects.
It mitigates non-control-data attacks by preventing attackers from predicting the stack layout.
arXiv Detail & Related papers (2025-03-21T08:55:17Z)
- FullStack Bench: Evaluating LLMs as Full Stack Coders [108.63536080569877]
FullStack Bench focuses on full-stack programming, which encompasses a wide range of application domains.
To assess multilingual programming capabilities, in FullStack Bench we design real-world instructions and corresponding unit test cases for 16 widely-used programming languages.
arXiv Detail & Related papers (2024-11-30T16:58:42Z)
- BitStack: Fine-Grained Size Control for Compressed Large Language Models in Variable Memory Environments [53.71158537264695]
Large language models (LLMs) have revolutionized numerous applications, yet their deployment remains challenged by memory constraints on local devices.
We introduce BitStack, a novel, training-free weight compression approach that enables megabyte-level trade-offs between memory usage and model performance.
arXiv Detail & Related papers (2024-10-31T13:26:11Z)
- Breaking the Memory Barrier: Near Infinite Batch Size Scaling for Contrastive Loss [59.835032408496545]
We propose a tile-based strategy that partitions the contrastive loss calculation into arbitrarily small blocks.
We also introduce a multi-level tiling strategy to leverage the hierarchical structure of distributed systems.
Compared to SOTA memory-efficient solutions, it achieves a two-order-of-magnitude reduction in memory while maintaining comparable speed.
arXiv Detail & Related papers (2024-10-22T17:59:30Z)
- Breaking Bad: How Compilers Break Constant-Time Implementations [12.486727810118497]
We investigate how compilers break protections introduced by defensive programming techniques.
We run a large-scale experiment to see if such compiler-induced issues manifest in state-of-the-art cryptographic libraries.
Our study reveals that several compiler-induced secret-dependent operations occur within some of the most highly regarded cryptographic libraries.
arXiv Detail & Related papers (2024-10-17T12:34:02Z)
- DeTRAP: RISC-V Return Address Protection With Debug Triggers [20.807256514935084]
DeTRAP provides a write-protected shadow stack for return addresses.
It requires no memory protection hardware and only minor changes to the compiler toolchain.
arXiv Detail & Related papers (2024-08-30T12:42:54Z)
- CAMP: Compiler and Allocator-based Heap Memory Protection [23.84729234219481]
We present CAMP, a new sanitizer for detecting and capturing heap memory corruption.
CAMP enables various compiler optimization strategies and thus eliminates redundant and unnecessary check instrumentation.
Our evaluation and comparison of CAMP with existing tools, using both real-world applications and SPEC CPU benchmarks, show that it provides better heap corruption detection capability with lower runtime overhead.
arXiv Detail & Related papers (2024-06-04T19:37:41Z)
- Mayhem: Targeted Corruption of Register and Stack Variables [4.5205468816535594]
We show how Rowhammer can be exploited to inject faults into stack variables and even register values in a victim's process.
We achieve this by targeting the register value that is stored in the process's stack, which is subsequently flushed out to memory.
We show that the stack and registers are no longer safe from the Rowhammer attack.
arXiv Detail & Related papers (2023-09-05T19:31:49Z)
- HDCC: A Hyperdimensional Computing compiler for classification on embedded systems and high-performance computing [58.720142291102135]
This work introduces the HDCC compiler, the first open-source compiler that translates high-level descriptions of HDC classification methods into optimized C code.
HDCC is designed like a modern compiler, featuring an intuitive and descriptive input language, an intermediate representation (IR), and a retargetable backend.
To substantiate these claims, we conducted experiments with HDCC on several of the most popular datasets in the HDC literature.
arXiv Detail & Related papers (2023-04-24T19:16:03Z)
- LoopStack: a Lightweight Tensor Algebra Compiler Stack [61.04098601022665]
LoopStack is a domain-specific compiler stack for tensor operations.
It generates machine code that matches and frequently exceeds the performance of state-of-the-art machine learning frameworks.
It has a very small memory footprint: a binary size of 245KB and under 30K lines of effective code make it ideal for use on mobile and embedded devices.
arXiv Detail & Related papers (2022-05-02T01:57:58Z)
- Segment and Complete: Defending Object Detectors against Adversarial Patch Attacks with Robust Patch Detection [142.24869736769432]
Adversarial patch attacks pose a serious threat to state-of-the-art object detectors.
We propose Segment and Complete defense (SAC), a framework for defending object detectors against patch attacks.
We show SAC can significantly reduce the targeted attack success rate of physical patch attacks.
arXiv Detail & Related papers (2021-12-08T19:18:48Z)
- Differentiate Everything with a Reversible Embeded Domain-Specific Language [0.0]
Reverse-mode automatic differentiation (AD) suffers from the issue of having too much space overhead to trace back intermediate computational states for back-propagation.
We propose to use reverse computing to trace back states by designing and implementing a reversible programming e.
The absence of implicit stack operations makes the program compatible with existing compiler features.
arXiv Detail & Related papers (2020-03-10T10:16:51Z)