next up previous
Next: Bibliography Up: Protecting from stack-smashing attacks Previous: Evaluation


Conclusions

We have described the stack area where the control of an application can be captured by a stack-smashing attack. We have described our protection method, which protects the location of the previous frame pointer, the arguments, and the local variables.

Our method achieves good performance on several application benchmarks. We have described the reason, which is that the number of functions vulnerable to buffer overflow is relatively small compared to the total number of functions used.

We have implemented our system as a intermediate language translator for gcc, which means the implementation is independent of the operating systems and the processors used. We believe that the minimal performance overhead and its universal applicability makes it the best defense system for workstations, personal digital assistants(PDA), and cellular telephone system.



Etoh
2000-11-08