Software Security
Dept. of Computer Science, Nanjing University

Canary-Based Protection: StackGuard

Idea: the prologue introduces a canary word between the return addr and the locals.

Stack frame (highest address at the top):

    arg 2
    arg 1
    return addr
    caller's ebp    <- %ebp
    callee-save
    CANARY
    locals          <- %esp
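The frame layout above as a small simulation, added here as an example and not taken from the slides: a linear overwrite that starts in the locals has to cross the canary before it reaches the return address, so the epilogue check catches it. The struct, the function names, the canary constant and the addresses are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame, lowest address first (the slide's diagram read bottom-up). */
struct frame {
    unsigned char locals[16];
    uint32_t canary;       /* placed by the prologue */
    uint32_t callee_save;
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

#define CANARY   0x5ca1ab1eu  /* constructed value for this example */
#define RET_ADDR 0x08048abcu  /* constructed return address */

/* Prologue: lay out the frame and store the canary above the locals. */
static void prologue(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY;
    f->saved_ebp = 0xbffff000u;
    f->ret_addr = RET_ADDR;
}
/* Models an unchecked copy into locals; clamped so the simulation stays in bounds. */
static void unchecked_copy(struct frame *f, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memset((unsigned char *)f, 0x41, n);
}
/* Epilogue check: 1 if the canary is intact, 0 if it was clobbered. */
static int canary_intact(const struct frame *f) {
    return f->canary == CANARY;
}
/* Runs one simulated call with n input bytes; reports the return address afterwards. */
int simulate(size_t n, uint32_t *ret_after) {
    struct frame f;
    prologue(&f);
    unchecked_copy(&f, n);
    *ret_after = f.ret_addr;
    return canary_intact(&f);
}

int main(void) {
    size_t lens[] = {16, 17, 32};
    for (size_t i = 0; i < 3; i++) {
        uint32_t ret;
        int ok = simulate(lens[i], &ret);
        printf("%2zu bytes: canary %s, ret=0x%08x\n", lens[i], ok ? "intact" : "smashed", (unsigned)ret);
    }
    return 0;
}
```

With 17 bytes the canary is already damaged while the return address is still untouched, which is the window in which the epilogue check aborts instead of returning.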