AN EXPERIMENTAL STACK ATTACKS DETECTION AND RECOVERY FRAMEWORK USING AGENTS, CHECKPOINTS AND ROLLBACK

  • I. Agaji
  • H. Mikailu
  • A. S. Kile
Keywords: Checkpoints, Rollback, Kernel protected agent, Control stack, Stack smashing attacks

Abstract

Stack-based attacks are on the increase. This work studied stack-based vulnerabilities and attacks in general and focused on attacks that modify the return addresses held on control stacks. A control stack keeps track of the point to which a function returns control after its execution. We proposed a framework that mitigates control stack attacks using a kernel-controlled agent, checkpoints and rollback mechanisms. In the framework, once a function is called, the same return address (RA) is pushed to the control stack and also passed to the kernel-controlled agent. When a function call terminates, the RA in the control stack is popped and passed to the kernel-protected agent for comparison; any disparity between the two RA values indicates an attack. In such cases the kernel-protected agent directs execution of the process to the stack at the latest checkpoint. The framework was implemented using Java NetBeans 7.2.1. Experimental results indicated successful detection of attacks and rollback when attacks occurred. Rollback indicated recovery from the attacks.
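
A minimal Python simulation of the detection and recovery loop described in the abstract, added here as an illustration; it is not the authors' Java implementation. The class and function names, the sample addresses, and the choice to treat process start as the first checkpoint are assumptions.

```python
class KernelAgent:
    """Simulated kernel-protected agent: keeps RA copies and checkpoints."""

    def __init__(self):
        self._shadow = []                # RA copies the process cannot write
        self._checkpoints = [([], [])]   # assumption: process start is checkpoint 0

    def record_call(self, ra):
        self._shadow.append(ra)

    def checkpoint(self, control_stack):
        self._checkpoints.append((list(control_stack), list(self._shadow)))

    def verify_return(self, popped_ra):
        return popped_ra == self._shadow.pop()

    def rollback(self):
        stack, shadow = self._checkpoints[-1]   # latest checkpoint
        self._shadow = list(shadow)
        return list(stack)


class Process:
    def __init__(self, agent):
        self.agent, self.control_stack, self.rollbacks = agent, [], 0

    def call(self, ra):
        self.control_stack.append(ra)    # RA pushed to the control stack
        self.agent.record_call(ra)       # same RA passed to the agent

    def ret(self):
        ra = self.control_stack.pop()
        if self.agent.verify_return(ra):
            return ra                    # RAs match: normal return
        self.control_stack = self.agent.rollback()   # disparity: attack
        self.rollbacks += 1
        return None


def run_demo():
    agent = KernelAgent()
    proc = Process(agent)
    proc.call(0x401000)                  # constructed sample addresses
    proc.call(0x401020)
    agent.checkpoint(proc.control_stack)
    proc.call(0x401040)
    proc.control_stack[-1] = 0x41414141  # constructed: saved RA overwritten
    detected = proc.ret()                # None: mismatch, rolled back
    return detected, list(proc.control_stack), proc.ret(), proc.rollbacks
```

After the rollback, both the control stack and the agent's copy are restored from the same snapshot, so the next return compares equal and execution continues from the checkpointed state.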

Published
2023-03-30
How to Cite
Agaji, I., Mikailu, H., & Kile, A. S. (2023). AN EXPERIMENTAL STACK ATTACKS DETECTION AND RECOVERY FRAMEWORK USING AGENTS, CHECKPOINTS AND ROLLBACK. FUDMA JOURNAL OF SCIENCES, 3(1), 49-55. Retrieved from https://fjs.fudutsinma.edu.ng/index.php/fjs/article/view/1426