Saved in:
Bibliographic Details
Main Author: Chong, Lei
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2503.16950
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908276838367232
author Chong, Lei
author_facet Chong, Lei
contents Stack-based memory corruption vulnerabilities have long been exploited by attackers to execute arbitrary code or perform unauthorized memory operations. Various defense mechanisms have been introduced to mitigate stack memory errors, but they typically focus on specific attack types, incur substantial performance overhead, or suffer from compatibility limitations.In this paper, we present CleanStack, an efficient, highly compatible, and comprehensive stack protection mech anism. CleanStack isolates stack objects influenced by external input from other safe stack objects, thereby preventing attackers from modifying return addresses via controlled stack objects. Additionally, by randomizing the placement of tainted stack objects within the Unclean Stack, CleanStack mitigates non control data attacks by preventing attackers from predicting the stack layout.A key component of CleanStack is the identifica tion of tainted stack objects. We analyze both static program analysis and heuristic methods for this purpose. To maximize compatibility, we adopt a heuristic approach and implement CleanStack within the LLVM compiler framework, applying it to SPEC CPU2017 benchmarks and a real-world application.Our security evaluation demonstrates that CleanStack significantly reduces the exploitability of stack-based memory errors by providing a dual-stack system with isolation and randomization. Performance evaluation results indicate that CleanStack incurs an execution overhead of only 1.73% on the SPEC CPU2017 benchmark while introducing a minimal memory overhead of just 0.04%. Compared to existing stack protection techniques, CleanStack achieves an optimal balance between protection coverage, runtime overhead, and compatibility, making it one of the most comprehensive and efficient stack security solutions to date.
format Preprint
id arxiv_https___arxiv_org_abs_2503_16950
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle CleanStack: A New Dual-Stack for Defending Against Stack-Based Memory Corruption Attacks
Chong, Lei
Cryptography and Security
Stack-based memory corruption vulnerabilities have long been exploited by attackers to execute arbitrary code or perform unauthorized memory operations. Various defense mechanisms have been introduced to mitigate stack memory errors, but they typically focus on specific attack types, incur substantial performance overhead, or suffer from compatibility limitations.In this paper, we present CleanStack, an efficient, highly compatible, and comprehensive stack protection mech anism. CleanStack isolates stack objects influenced by external input from other safe stack objects, thereby preventing attackers from modifying return addresses via controlled stack objects. Additionally, by randomizing the placement of tainted stack objects within the Unclean Stack, CleanStack mitigates non control data attacks by preventing attackers from predicting the stack layout.A key component of CleanStack is the identifica tion of tainted stack objects. We analyze both static program analysis and heuristic methods for this purpose. To maximize compatibility, we adopt a heuristic approach and implement CleanStack within the LLVM compiler framework, applying it to SPEC CPU2017 benchmarks and a real-world application.Our security evaluation demonstrates that CleanStack significantly reduces the exploitability of stack-based memory errors by providing a dual-stack system with isolation and randomization. Performance evaluation results indicate that CleanStack incurs an execution overhead of only 1.73% on the SPEC CPU2017 benchmark while introducing a minimal memory overhead of just 0.04%. Compared to existing stack protection techniques, CleanStack achieves an optimal balance between protection coverage, runtime overhead, and compatibility, making it one of the most comprehensive and efficient stack security solutions to date.
title CleanStack: A New Dual-Stack for Defending Against Stack-Based Memory Corruption Attacks
topic Cryptography and Security
url https://arxiv.org/abs/2503.16950