Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages

Hongjoo Jin; Sumin Yang; Moon Chan Park; Haehyun Cho; Dong Hoon Lee

doi:10.1007/978-3-031-65175-5_16

Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages

Hongjoo Jin, Sumin Yang, Moon Chan Park, Haehyun Cho, Dong Hoon Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Memory unsafe languages are still widely used in a lot of critical software such as operating system kernels and browsers, and thus, memory corruption attacks remain a significant threat. To mitigate the threat, various defense approaches have been proposed such as the Address Space Layout Randomization (ASLR) and Stack Canary. However, adversaries have demonstrated the capability to bypass them, which results in upgraded defense systems. To complement the ASLR, the stack isolation technique that conceals sensitive objects stored in stack memory by relocating them to a “safe region” was introduced. Nonetheless, advanced information disclosure attacks, such as Allocation Oracle, have been employed to discover the location of the safe region. In this work, we introduce Satellite as an effective and efficient approach for safeguarding the stack memory against memory vulnerabilities and information disclosure attacks. The proposed technique guarantees the safety of the return address stored in the safe region, protecting it from vulnerabilities like buffer overflows and information disclosure attacks. To easily support general C/C++ programs, we implemented Satellite in the LLVM compiler framework. To demonstrate the efficiency of Satellite, we applied Satellite to SPEC CPU2006, SPEC CPU2017, and the Nginx web server to assess the effectiveness of the proposed technique. The assessment findings indicate that Satellite incurs an average performance overhead of 0.29%

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings
Editors	Nikolaos Pitropakis, Sokratis Katsikas, Steven Furnell, Konstantinos Markantonakis
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	221-235
Number of pages	15
ISBN (Print)	9783031651748
DOIs	https://doi.org/10.1007/978-3-031-65175-5_16
Publication status	Published - 2024
Event	39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024 - Edinburgh, United Kingdom Duration: 2024 Jun 12 → 2024 Jun 14

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	710
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024
Country/Territory	United Kingdom
City	Edinburgh
Period	24/6/12 → 24/6/14

Bibliographical note

Publisher Copyright:
© IFIP International Federation for Information Processing 2024.

Keywords

Data and applications security
In-process memory isolation
Information disclosure
Memory corruption
Stack protection

ASJC Scopus subject areas

Information Systems and Management

Access to Document

10.1007/978-3-031-65175-5_16

Cite this

Jin, H., Yang, S., Park, M. C., Cho, H., & Lee, D. H. (2024). Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. In N. Pitropakis, S. Katsikas, S. Furnell, & K. Markantonakis (Eds.), ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings (pp. 221-235). (IFIP Advances in Information and Communication Technology; Vol. 710). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-65175-5_16

Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. / Jin, Hongjoo; Yang, Sumin; Park, Moon Chan et al.
ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings. ed. / Nikolaos Pitropakis; Sokratis Katsikas; Steven Furnell; Konstantinos Markantonakis. Springer Science and Business Media Deutschland GmbH, 2024. p. 221-235 (IFIP Advances in Information and Communication Technology; Vol. 710).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jin, H, Yang, S, Park, MC, Cho, H & Lee, DH 2024, Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. in N Pitropakis, S Katsikas, S Furnell & K Markantonakis (eds), ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings. IFIP Advances in Information and Communication Technology, vol. 710, Springer Science and Business Media Deutschland GmbH, pp. 221-235, 39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024, Edinburgh, United Kingdom, 24/6/12. https://doi.org/10.1007/978-3-031-65175-5_16

Jin H, Yang S, Park MC, Cho H, Lee DH. Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. In Pitropakis N, Katsikas S, Furnell S, Markantonakis K, editors, ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 221-235. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-031-65175-5_16

Jin, Hongjoo ; Yang, Sumin ; Park, Moon Chan et al. / Satellite : Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings. editor / Nikolaos Pitropakis ; Sokratis Katsikas ; Steven Furnell ; Konstantinos Markantonakis. Springer Science and Business Media Deutschland GmbH, 2024. pp. 221-235 (IFIP Advances in Information and Communication Technology).

@inproceedings{bff94279279948169a8f105acd58cc32,

title = "Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages",

abstract = "Memory unsafe languages are still widely used in a lot of critical software such as operating system kernels and browsers, and thus, memory corruption attacks remain a significant threat. To mitigate the threat, various defense approaches have been proposed such as the Address Space Layout Randomization (ASLR) and Stack Canary. However, adversaries have demonstrated the capability to bypass them, which results in upgraded defense systems. To complement the ASLR, the stack isolation technique that conceals sensitive objects stored in stack memory by relocating them to a “safe region” was introduced. Nonetheless, advanced information disclosure attacks, such as Allocation Oracle, have been employed to discover the location of the safe region. In this work, we introduce Satellite as an effective and efficient approach for safeguarding the stack memory against memory vulnerabilities and information disclosure attacks. The proposed technique guarantees the safety of the return address stored in the safe region, protecting it from vulnerabilities like buffer overflows and information disclosure attacks. To easily support general C/C++ programs, we implemented Satellite in the LLVM compiler framework. To demonstrate the efficiency of Satellite, we applied Satellite to SPEC CPU2006, SPEC CPU2017, and the Nginx web server to assess the effectiveness of the proposed technique. The assessment findings indicate that Satellite incurs an average performance overhead of 0.29%",

keywords = "Data and applications security, In-process memory isolation, Information disclosure, Memory corruption, Stack protection",

author = "Hongjoo Jin and Sumin Yang and Park, {Moon Chan} and Haehyun Cho and Lee, {Dong Hoon}",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2024.; 39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024 ; Conference date: 12-06-2024 Through 14-06-2024",

year = "2024",

doi = "10.1007/978-3-031-65175-5_16",

language = "English",

isbn = "9783031651748",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "221--235",

editor = "Nikolaos Pitropakis and Sokratis Katsikas and Steven Furnell and Konstantinos Markantonakis",

booktitle = "ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Satellite

T2 - 39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024

AU - Jin, Hongjoo

AU - Yang, Sumin

AU - Park, Moon Chan

AU - Cho, Haehyun

AU - Lee, Dong Hoon

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2024.

PY - 2024

Y1 - 2024

N2 - Memory unsafe languages are still widely used in a lot of critical software such as operating system kernels and browsers, and thus, memory corruption attacks remain a significant threat. To mitigate the threat, various defense approaches have been proposed such as the Address Space Layout Randomization (ASLR) and Stack Canary. However, adversaries have demonstrated the capability to bypass them, which results in upgraded defense systems. To complement the ASLR, the stack isolation technique that conceals sensitive objects stored in stack memory by relocating them to a “safe region” was introduced. Nonetheless, advanced information disclosure attacks, such as Allocation Oracle, have been employed to discover the location of the safe region. In this work, we introduce Satellite as an effective and efficient approach for safeguarding the stack memory against memory vulnerabilities and information disclosure attacks. The proposed technique guarantees the safety of the return address stored in the safe region, protecting it from vulnerabilities like buffer overflows and information disclosure attacks. To easily support general C/C++ programs, we implemented Satellite in the LLVM compiler framework. To demonstrate the efficiency of Satellite, we applied Satellite to SPEC CPU2006, SPEC CPU2017, and the Nginx web server to assess the effectiveness of the proposed technique. The assessment findings indicate that Satellite incurs an average performance overhead of 0.29%

AB - Memory unsafe languages are still widely used in a lot of critical software such as operating system kernels and browsers, and thus, memory corruption attacks remain a significant threat. To mitigate the threat, various defense approaches have been proposed such as the Address Space Layout Randomization (ASLR) and Stack Canary. However, adversaries have demonstrated the capability to bypass them, which results in upgraded defense systems. To complement the ASLR, the stack isolation technique that conceals sensitive objects stored in stack memory by relocating them to a “safe region” was introduced. Nonetheless, advanced information disclosure attacks, such as Allocation Oracle, have been employed to discover the location of the safe region. In this work, we introduce Satellite as an effective and efficient approach for safeguarding the stack memory against memory vulnerabilities and information disclosure attacks. The proposed technique guarantees the safety of the return address stored in the safe region, protecting it from vulnerabilities like buffer overflows and information disclosure attacks. To easily support general C/C++ programs, we implemented Satellite in the LLVM compiler framework. To demonstrate the efficiency of Satellite, we applied Satellite to SPEC CPU2006, SPEC CPU2017, and the Nginx web server to assess the effectiveness of the proposed technique. The assessment findings indicate that Satellite incurs an average performance overhead of 0.29%

KW - Data and applications security

KW - In-process memory isolation

KW - Information disclosure

KW - Memory corruption

KW - Stack protection

UR - http://www.scopus.com/inward/record.url?scp=85200775831&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-65175-5_16

DO - 10.1007/978-3-031-65175-5_16

M3 - Conference contribution

AN - SCOPUS:85200775831

SN - 9783031651748

T3 - IFIP Advances in Information and Communication Technology

SP - 221

EP - 235

BT - ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Proceedings

A2 - Pitropakis, Nikolaos

A2 - Katsikas, Sokratis

A2 - Furnell, Steven

A2 - Markantonakis, Konstantinos

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 12 June 2024 through 14 June 2024

ER -