CleanStack: Dual-Stack Solution to Defend Against Memory Corruption Attacks
CleanStack is a novel stack protection mechanism designed to combat memory corruption attacks, which have long been a significant threat to software systems.
These attacks exploit vulnerabilities in low-level languages like C/C++ to execute arbitrary code or manipulate memory operations.
CleanStack addresses these issues by introducing a dual-stack system that isolates and randomizes stack objects influenced by external inputs, thereby preventing attackers from modifying return addresses or predicting stack layouts.
Introduction to CleanStack
CleanStack’s approach is based on the Tainted Stack Object Separation (TSOS) theory, which involves identifying and isolating stack objects that may be tainted by external inputs.
This is crucial because attackers often exploit such vulnerabilities to launch control-flow hijacking attacks or non-control data attacks.
By separating tainted stack objects into a distinct stack, CleanStack ensures that these objects cannot interfere with the return addresses or other safe stack objects.
Additionally, CleanStack randomizes the placement of ...
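The separation of tainted stack objects described above can be illustrated with a small model. This is an added example, not CleanStack's implementation or code from the original article: the two stacks are modelled as plain byte arrays, and the names `struct stacks`, `ret_slot_intact` and `RET_MAGIC` are hypothetical. It shows only the isolation step, not the randomization.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not CleanStack's code): each stack is a byte array. */
#define STACK_SZ  64
#define BUF_SZ    16                     /* declared size of the input buffer */
#define RET_MAGIC 0x1122334455667788ULL  /* stands in for a return address */

struct stacks {
    uint8_t safe[STACK_SZ];     /* return addresses and untainted objects */
    uint8_t tainted[STACK_SZ];  /* objects that external input can reach */
};

/*
 * Simulate a frame whose BUF_SZ-byte buffer receives `len` input bytes with
 * no bounds check. Single-stack layout: the buffer sits directly below the
 * return slot in safe[]. Dual-stack layout: the buffer lives in tainted[].
 * Returns 1 if the return slot is unchanged afterwards, 0 if overwritten.
 */
int ret_slot_intact(int dual_stack, size_t len)
{
    struct stacks s;
    uint8_t input[STACK_SZ];
    uint64_t ret = RET_MAGIC, after;

    memset(&s, 0, sizeof s);
    memset(input, 0x41, sizeof input);          /* constructed input bytes */
    memcpy(s.safe + BUF_SZ, &ret, sizeof ret);  /* return slot at offset 16 */

    /* Clamp to the arena so the model itself stays within its arrays. */
    if (len > STACK_SZ)
        len = STACK_SZ;
    memcpy(dual_stack ? s.tainted : s.safe, input, len);  /* the overflow */

    memcpy(&after, s.safe + BUF_SZ, sizeof after);
    return after == RET_MAGIC;
}

int main(void)
{
    printf("single stack, 32-byte input: ret intact = %d\n", ret_slot_intact(0, 32));
    printf("dual stack,   32-byte input: ret intact = %d\n", ret_slot_intact(1, 32));
    return 0;
}
```

In the model, an overflow in the tainted array can still reach other tainted objects; what the separation removes is the adjacency between externally influenced buffers and the return slot.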
Copyright of this story solely belongs to gbhackers.