Stack-based memory corruption vulnerabilities have long been exploited by attackers to execute arbitrary code or perform unauthorized memory operations. Various defense mechanisms have been introduced to mitigate stack memory errors, but they typically focus on specific attack types, incur substantial performance overhead, or suffer from compatibility limitations. In this paper, we present CleanStack, an efficient, highly compatible, and comprehensive stack protection mechanism. CleanStack isolates stack objects influenced by external input from other, safe stack objects, thereby preventing attackers from modifying return addresses via the stack objects they control. Additionally, by randomizing the placement of tainted stack objects within the Unclean Stack, CleanStack mitigates non-control-data attacks by preventing attackers from predicting the stack layout. A key component of CleanStack is the identification of tainted stack objects. We analyze both static program analysis and heuristic methods for this purpose. To maximize compatibility, we adopt a heuristic approach and implement CleanStack within the LLVM compiler framework, applying it to the SPEC CPU2017 benchmarks and a real-world application. Our security evaluation demonstrates that CleanStack significantly reduces the exploitability of stack-based memory errors by providing a dual-stack system with isolation and randomization. Performance evaluation results indicate that CleanStack incurs an execution overhead of only 1.73% on the SPEC CPU2017 benchmarks while introducing a minimal memory overhead of just 0.04%. Compared to existing stack protection techniques, CleanStack achieves an optimal balance between protection coverage, runtime overhead, and compatibility, making it one of the most comprehensive and efficient stack security solutions to date.
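The two properties the abstract relies on, isolation of input-influenced objects from the return address and an unpredictable offset for those objects, can be seen in a small memory model. The following C program is an added illustration, not CleanStack's implementation and not derived from its LLVM pass: it models a frame as two byte regions (a "safe" region holding the return address and an "unclean" region holding a buffer filled from external input), pushes the tainted buffer behind a random gap, and then runs an unbounded copy into it. The taint classification itself (CleanStack's heuristic) is not modelled; the buffer is simply declared tainted. The region size, slot granularity, gap range, xorshift mixer, the constructed return address 0x401136, and the 64-byte attacker input are all assumptions for the example, and writes are clipped at the end of a region to stand in for the guard page that would stop a real overflow.

```c
/* dual_stack_demo.c: toy model of a split (safe/unclean) stack.
 * Added illustration only; not the CleanStack implementation. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define REGION        128   /* bytes per modelled stack region (assumed) */
#define RET_SLOT      0     /* offset of the return address in the safe region */
#define SLOT_BYTES    8     /* granularity of the random gap (assumed) */
#define MAX_GAP_SLOTS 8     /* gap of 0..56 bytes before a tainted object (assumed) */
#define BUF_SIZE      32    /* size of the tainted buffer in both layouts */

typedef struct {
    uint8_t safe[REGION];     /* return address and untainted locals */
    uint8_t unclean[REGION];  /* objects influenced by external input */
    size_t  unclean_top;      /* next free byte on the unclean stack */
} dual_stack;

static const uint64_t RET_ADDR = 0x00401136ULL;   /* constructed return address */

/* Enter a frame: return address goes on the safe stack, unclean stack is empty. */
void frame_enter(dual_stack *ds) {
    memset(ds, 0, sizeof *ds);
    memcpy(&ds->safe[RET_SLOT], &RET_ADDR, sizeof RET_ADDR);
}

/* Random gap in bytes, derived from a per-execution seed with xorshift32.
 * Only the unpredictability matters here; the mixer is a placeholder. */
size_t random_gap_bytes(uint32_t seed) {
    seed ^= seed << 13; seed ^= seed >> 17; seed ^= seed << 5;
    return (size_t)(seed % MAX_GAP_SLOTS) * SLOT_BYTES;
}

/* Push a tainted object onto the unclean stack behind a random gap, so that
 * its offset (and its distance to neighbouring objects) is not predictable.
 * Returns the object's offset, or (size_t)-1 if it does not fit. */
size_t unclean_push(dual_stack *ds, size_t size, uint32_t seed) {
    size_t off = ds->unclean_top + random_gap_bytes(seed);
    if (off + size > REGION) return (size_t)-1;
    ds->unclean_top = off + size;
    return off;
}

/* Unbounded copy standing in for strcpy()/gets() on the tainted buffer.
 * Writes past the buffer continue through the region; the region end models
 * the guard page that terminates a real overflow. Returns bytes written. */
size_t unchecked_copy(uint8_t *region, size_t off, const uint8_t *in, size_t len) {
    size_t n = 0;
    for (; n < len && off + n < REGION; n++) region[off + n] = in[n];
    return n;
}

/* Conventional layout: buffer and return address share one region, with the
 * return address just above the buffer, so an overflow walks into it.
 * Returns 1 if the return address survived the copy, 0 if it was overwritten. */
int single_stack_survives(const uint8_t *in, size_t len) {
    uint8_t stack[REGION];
    size_t buf = 16, ret = buf + BUF_SIZE;
    uint64_t v;
    memset(stack, 0, sizeof stack);
    memcpy(&stack[ret], &RET_ADDR, sizeof RET_ADDR);
    unchecked_copy(stack, buf, in, len);
    memcpy(&v, &stack[ret], sizeof v);
    return v == RET_ADDR;
}

/* Split layout: the tainted buffer lives on the unclean stack, the return
 * address on the safe stack. Returns 1 if the return address survived. */
int dual_stack_survives(const uint8_t *in, size_t len, uint32_t seed) {
    dual_stack ds;
    uint64_t v;
    frame_enter(&ds);
    size_t buf = unclean_push(&ds, BUF_SIZE, seed);
    if (buf == (size_t)-1) return -1;
    unchecked_copy(ds.unclean, buf, in, len);
    memcpy(&v, &ds.safe[RET_SLOT], sizeof v);
    return v == RET_ADDR;
}

/* Constructed attacker input: twice the buffer size, all 'A'. */
int demo_single_stack(void) {
    uint8_t in[2 * BUF_SIZE];
    memset(in, 'A', sizeof in);
    return single_stack_survives(in, sizeof in);
}

int demo_dual_stack(uint32_t seed) {
    uint8_t in[2 * BUF_SIZE];
    memset(in, 'A', sizeof in);
    return dual_stack_survives(in, sizeof in, seed);
}

int main(void) {
    printf("single stack: return address intact = %d\n", demo_single_stack());
    printf("dual stack:   return address intact = %d\n", demo_dual_stack(1));
    printf("tainted object offset for seed 1: %zu, seed 2: %zu\n",
           random_gap_bytes(1), random_gap_bytes(2));
    return 0;
}
```

The first result is 0 and the second 1 regardless of the seed: in the split layout the overflow can only reach other unclean-stack bytes, which is exactly the residual (non-control-data) exposure the randomized gap is meant to make hard to target. A real compiler pass additionally has to decide which objects are tainted, keep the two stacks in separate mappings, and draw the gap from a genuine entropy source.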