Renew Stack Smashing Protector (brief)
| Title: | Preventing brute force attacks against stack canary protection on networking servers |
| Inventors: | Hector Marco & Ismael Ripoll |
| Date: | August 2013 |
| Status: | Patentability analysis |
| Comment: | A new Stack Smashing Protector design to prevent brute force attacks against the SSP with a negligible cost |
| Website: | http://hmarco.org/renewssp |
Description
During my PhD research, I have been working on several protection
mechanisms at low level. The RenewSSP is a new protection technique
which is part of my PhD thesis. This new prevention technique greatly
enhances the efficiency of the Stack Smashing Protector (SSP) which:
- Eliminates brute force attacks against the
canary. Specially the very dangerous SSP
byte-for-byte attack is not longer possible.
- The attacker is not able to attack first the stack canary and later the ASLR.
The attack can not be split increasing the effectiveness of
the ASLR. It has a multiplicative effect.
- The overhead is negligible, and zero cost during the execution
of the application.
- No need to modify the applications (binary or source).
- No need to modify neither the complier nor the kernel.
- Its use can be as simple a pre-loading a small library in GNU/Linux, before the
protected application.
- Tested on several network servers like Apache, Lighttpd, Samba, LibreOffice,
java Open JDK interpreter, etc.
- RenewSSP can be supported by most modern operating systems like
GNU/Linux, Windows, OS X and Android.
Hector Marco - http://hmarco.org