Efficient Array & Pointer Bound Checking Against Buffer Overflow Attacks via Hardware/Software
نویسندگان
چکیده
Buffer overflow attacks cause serious security problems. Array & pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However, original array & pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array & pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array & pointer bound checking. Our conclusion is that based on our strategy, array & pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable over-
منابع مشابه
Hardware/software optimization for array & pointer boundary checking against buffer overflow attacks
Malicious intrusions by buffer overflow attacks cause serious security problems and pose serious threats for networks and distributed systems such as clusters, Grids and P2P systems. Array & pointer boundary checking is one of the most effective approaches for defending against buffer overflow attacks. However, a big performance overhead may occur after boundary checking is applied. Typically, ...
متن کاملDefending Embedded Systems Against Buffer Overflow via Hardware/Software
Buffer overflow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. In this paper, we propose the Hardware/Software Address Protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack s...
متن کاملA Compiler-Hardware Technique for Protecting Against Buffer Overflow Attacks
Buffer overflow attacks are widely acknowledged by computer security professionals to be one of the greatest threats to the security of computer systems. We present an integrated softwarehardware approach to protect against buffer overflow attacks while minimizing performance degradation, software development time, and deployment costs. Our technique does not change the processor core, but inst...
متن کاملGANDALF: A fine-grained hardware-software co-design for preventing memory attacks
Reading or writing outside the bounds of a buffer is a serious security vulnerability that has been exploited in numerous occasions. These attacks can be prevented by ensuring that every buffer is only accessed within its specified bounds. In this paper we present Gandalf, a compiler assisted hardware extension for the OpenRISC processor that thwarts all forms of memory based attacks including ...
متن کاملTIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection
Buffer overflow exploits make use of the treatment of strings in C as character arrays rather than as first-class objects. Manipulation of arrays as pointers and primitive pointer arithmetic make it possible for a program to access memory locations which it is not supposed to access. There have been many efforts in the past to overcome this vulnerability by performing array bounds checking in C...
متن کامل