StackGuard

E724133

buffer overflow protection mechanism compiler-based protection mechanism security technology

StackGuard is a compiler-based security technology that protects programs from stack-based buffer overflow attacks by inserting canary values to detect and prevent stack corruption.

Try in SPARQL Jump to: Surface forms Statements Referenced by

Observed surface forms (1)

Surface form	Occurrences
StackGuard compiler extension	1

Statements (46)

Predicate	Object
instanceOf	buffer overflow protection mechanism ⓘ compiler-based protection mechanism ⓘ security technology ⓘ
aimsTo	increase resilience of legacy code against buffer overflows ⓘ
assumes	attacker cannot predict or control canary value ⓘ
basedOn	idea of placing a sentinel value before control data on stack ⓘ
category	memory safety mitigation ⓘ software exploit mitigation ⓘ
checks	canary value before executing function epilogue ⓘ
deploymentContext	network services ⓘ operating system components ⓘ systems programming ⓘ
designGoal	backward compatibility with existing C programs ⓘ low performance overhead ⓘ
detectionMethod	checking integrity of canary value before function return ⓘ
failureResponse	abort execution on canary mismatch ⓘ
granularity	per-function stack frame protection ⓘ
implementationDetail	compiler inserts prologue and epilogue code for canary handling ⓘ
implements	stack canary mechanism ⓘ
influenced	GCC stack protector mechanisms ⓘ later stack protection features in mainstream compilers ⓘ
inserts	canary word between buffer and control data on stack ⓘ
limitation	can be bypassed by some information leaks ⓘ does not prevent heap-based buffer overflows ⓘ does not prevent non-control-data attacks on stack ⓘ
mitigates	stack smashing attacks ⓘ
onCanaryCorruption	prevents use of corrupted return address ⓘ terminates program ⓘ
operatesAt	compile time ⓘ
primaryGoal	detection of stack corruption ⓘ prevention of stack corruption ⓘ
protects	frame pointer on stack ⓘ return address on stack ⓘ
protectsAgainst	stack-based buffer overflow attacks ⓘ
relatedConcept	buffer overflow mitigation ⓘ stack canaries ⓘ stack smashing ⓘ
requires	compiler support ⓘ recompilation of protected programs ⓘ
securityModel	integrity checking of stack control data ⓘ
securityProperty	integrity of return control flow ⓘ partial mitigation of code injection attacks via stack ⓘ
targetsLanguage	C NERFINISHED ⓘ C++ ⓘ
threatModel	attacker overwriting return address via buffer overflow ⓘ
uses	canary values ⓘ

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

Immunix → developed → StackGuard ⓘ

Immunix → notableProduct → StackGuard ⓘ

this entity surface form: StackGuard compiler extension