SI485H: Stack Based Binary Exploits (SP17)


Summary 3: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks


  • Read the assigned paper.
  • You must turn in a typed summary of the paper that meets the following requirements.
    • It must be at least two paragraphs (but less than 2 pages)
    • The first paragraph should provide a summary of the technical contributions, including any measurements and results
    • The second paragraph should discuss an item you found surprising and an item you found lacking or insufficient
  • This summary is graded on a pass/fail basis. You may resubmit failing summaries until complete for full credit.

Summary Paper

Title: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks

Author(s): Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang

Venue: USENIX Security Symposium (Sec')

Year: 1998


This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge. We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries. We describe the compiler technique (a simple patch to gcc), as well as a set of variations on the technique that trade off between penetration resistance and performance. We present experimental results of both the penetration resistance and the performance impact of this technique.