Dynamic code instrumentation to detect and recover from return address corruption

Corruption of return addresses on the stack through buffer overflow attacks is one of the most common ways in which the security of a system can be compromised. This paper presents a way of detecting return address corruption on the stack using dynamic code instrumentation. Detection is done at run time and does not depend on the availability of the source code of the vulnerable application. The approach is not limited to buffer overflows; it can handle any kind of return address corruption. The paper also discusses the cases in which recovery from stack corruption is possible and the mechanisms for recovery in those cases.