zhilongwang/PolymorphicCanaries

To-Detect-Stack-Buffer-Overflow-With-Polymorphic-Canaries

A Highly Efficient Protection against Brute-force Attacks

Authors

Publications

If you use our code in your research, please cite our paper.

@inproceedings{polymorphiccanaries,
  author = {Z. Wang and X. Ding and C. Pang and J. Guo and J. Zhu and B. Mao},
  booktitle = {2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
  title = {To Detect Stack Buffer Overflow with Polymorphic Canaries},
  year = {2018},
  volume = {00},
  number = {},
  pages = {243-254},
  keywords={Security;Runtime;Instruments;Force;Tools;Instruction sets},
  doi = {10.1109/DSN.2018.00035},
  url = {doi.ieeecomputersociety.org/10.1109/DSN.2018.00035},
  ISSN = {2158-3927},
  month={Jun}
}

GCC Version

The GCC version is tested on Debian 10 with gcc-4.9/g++-4.9.

Install Dependencies (gcc/g++, gcc-plugin-dev, build-essential)

  1. Add the following sources to /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie main contrib
  2. Add the keys and update
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CBF8D6FD518E17E1
$ sudo apt-get update
  3. Install gcc/g++, build-essential and gcc-plugin-dev
$ sudo apt install gcc-4.9 g++-4.9 gcc-4.9-plugin-dev build-essential

Build Plugin and Library

  1. Build the GCC plugin
$ cd GCC_PLUGIN
$ make
  2. Build the runtime library
$ cd ../Runtime_Environment/Binary_Based_Version/
$ make

Compile Your Program or Project

  1. For a single-file program, compile your application with the following (GNU GCC) flags:
$ gcc -fstack-protector-all -fplugin=<PROJECT_SOURCE_DIR>/GCC_PLUGIN/PolymorphicCanaries.so demo.c -o demo
  2. For large projects, add
-fstack-protector-all -fplugin=<PROJECT_SOURCE_DIR>/GCC_PLUGIN/PolymorphicCanaries.so

to 'CFLAGS' or 'CXXFLAGS' through configure, the makefile, or the CMake file.

Run Compiled Program

LD_PRELOAD=<PROJECT_SOURCE_DIR>/Runtime_Environment/Binary_Based_Version/LIBPolymorphicCanaries.so ./demo
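
A pre-flight check for the GCC plugin build and run steps above, as an added example that is not part of this repository. The dynamic loader only prints a warning and continues when an LD_PRELOAD object cannot be loaded, so a mistyped path leaves the program running without the runtime library. The function names are hypothetical, and the check assumes an instrumented, dynamically linked binary still imports __stack_chk_fail, as any -fstack-protector-all build does.

```shell
#!/bin/sh
# Added example (not from the PolymorphicCanaries repository).

# Runtime library path for the GCC plugin build, as given in this README.
pssp_runtime() {
    printf '%s/Runtime_Environment/Binary_Based_Version/LIBPolymorphicCanaries.so\n' "$1"
}

# stdin: `nm -D` output. Succeeds if the binary imports __stack_chk_fail,
# i.e. it was built with stack-protector epilogues (assumption: the plugin keeps it).
has_stack_chk_ref() {
    grep -Eq '(^|[[:space:]])U[[:space:]]+__stack_chk_fail(@|$)'
}

# stdin: loader output. Succeeds if ld.so reported that it skipped a preload;
# in that case the program still runs, but without the runtime library.
preload_ignored() {
    grep -q 'from LD_PRELOAD cannot be preloaded'
}

# usage: pssp_check <PROJECT_SOURCE_DIR> <binary>
# Returns 0 only if every check passes.
pssp_check() {
    lib=$(pssp_runtime "$1")
    bin=$2
    [ -r "$lib" ] || { echo "missing runtime library: $lib" >&2; return 2; }
    nm -D "$bin" 2>/dev/null | has_stack_chk_ref ||
        { echo "$bin: no __stack_chk_fail import" >&2; return 3; }
    # LD_TRACE_LOADED_OBJECTS makes glibc's loader list the objects it would
    # load (preloads included) and exit instead of starting the program.
    out=$(LD_TRACE_LOADED_OBJECTS=1 LD_PRELOAD="$lib" "$bin" 2>&1)
    if printf '%s\n' "$out" | preload_ignored; then
        echo "loader ignored $lib" >&2; return 4
    fi
    printf '%s\n' "$out" | grep -Fq "$lib" ||
        { echo "$lib not in load list" >&2; return 5; }
    echo "ok: $bin is instrumented and $lib will be preloaded"
}

# Constructed sample lines (not captured from a real build) for an offline check.
pssp_selftest() {
    printf '                 U __stack_chk_fail@GLIBC_2.4\n' | has_stack_chk_ref &&
    ! printf '                 U puts@GLIBC_2.2.5\n' | has_stack_chk_ref &&
    printf "ERROR: ld.so: object 'x.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\n" | preload_ignored
}

if [ "$#" -eq 2 ]; then pssp_check "$@"; fi
```

Run it as `sh check.sh <PROJECT_SOURCE_DIR> ./demo` (the script name is arbitrary); a non-zero exit code identifies which check failed.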

LLVM Version

The LLVM version is tested on llvm-6.0.

Install Dependencies (LLVM, Clang)

  1. Install llvm and clang
$ sudo apt-get install llvm-6.0 clang-6.0

Build LLVM Pass and Library

  1. Build the LLVM pass
$ cd Compiler_based_Implementation/P-SSP
$ mkdir build && cd build
$ cmake ..
$ make
  2. Build the runtime environment
$ cd <PROJECT_SOURCE_DIR>/Runtime_Environment/Compiler_Based_Version/
$ make

Compile Your Program or Project

  1. For a small program, compile your application with the following flags:
$ clang -Xclang -load -Xclang <PROJECT_SOURCE_DIR>/Compiler_based_Implementation/P-SSP/libStackDoubleProtector.so demo.c -o demo
  2. For larger projects, add
-Xclang -load -Xclang <PROJECT_SOURCE_DIR>/Compiler_based_Implementation/P-SSP/libStackDoubleProtector.so

to 'CFLAGS' or 'CXXFLAGS' through configure, the makefile, or the CMake file.

Run Compiled Program

LD_PRELOAD=<PROJECT_SOURCE_DIR>/Runtime_Environment/Compiler_Based_Version/LIBPolymorphicCanaries.so ./demo

Binary Rewriter Version

Dynamic Linked Binary

  1. Build the instrumentor
$ cd "Binary_based_implementation/dynamic linked proram/"
$ make
  2. Build and install the customized GLIBC
  • Download a version of glibc which is compatible with your OS.
  • Replace the stack_chk_fail.c in GLIBC with the customized version of stack_chk_fail.c.
  • Build and install the modified glibc.
  3. Rewrite your programs
$ "./Binary_based_implementation/dynamic linked proram/InstrumentationCode" ./demo
  4. Run your program with PSSP
$ export LD_LIBRARY_PATH=<CUSTOMIZED_GLIBC_LIB_DIR>
$ export LD_PRELOAD=<PROJECT_SOURCE_DIR>/Runtime_Environment/Binary_Based_Version/LIBPolymorphicCanaries.so
$ ./demo

Static Linked Binary

We provide a binary rewriter based on Dyninst for statically linked programs. The implementation is located at Dyninst Tool.

Docker Image

We provide a docker image to quickly reproduce the environment (GCC PLUGIN VERSION).

$ sudo docker build -t pssp -f Dockerfile .
$ docker run -it pssp:latest /bin/bash
$ LD_PRELOAD=/home/PolymorphicCanaries/Runtime_Environment/Binary_Based_Version/LIBPolymorphicCanaries.so ./objs/nginx
