A Compiler-Hardware Technique for Protecting Against Buffer Overflow Attacks
نویسندگان
چکیده
Buffer overflow attacks are widely acknowledged by computer security professionals to be one of the greatest threats to the security of computer systems. We present an integrated softwarehardware approach to protect against buffer overflow attacks while minimizing performance degradation, software development time, and deployment costs. Our technique does not change the processor core, but instead adds a hardware module in the form of a Field Programmable Gate Array (FPGA) that sits between cache and memory and that is able to defend return addresses from buffer overflow attacks. Our solution exhibits neither the performance overhead of software solutions nor the CPU redesign costs of hardware solutions.
منابع مشابه
PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities
Despite numerous security technologies crafted to resist buffer overflow vulnerabilities, buffer overflows continue to be the dominant form of software security vulnerability. This is because most buffer overflow defenses provide only partial coverage, and the attacks have adapted to exploit problems that are not well-defended, such as heap overflows. This paper presents PointGuard, a compiler ...
متن کاملPointGuardTM: Protecting Pointers From Buffer Overflow Vulnerabilities
Despite numerous security technologies crafted to resist buffer overflow vulnerabilities, buffer overflows continue to be the dominant form of software security vulnerability. This is because most buffer overflow defenses provide only partial coverage, and the attacks have adapted to exploit problems that are not well-defended, such as heap overflows. This paper presents PointGuard, a compiler ...
متن کاملDefending Embedded Systems Against Buffer Overflow via Hardware/Software
Buffer overflow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. In this paper, we propose the Hardware/Software Address Protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack s...
متن کاملArchitecture Support for Defending Against Buffer Overflow Attacks
Buffer overflow attacks are the predominant threat to the secure operation of network and in particular, Internetbased applications. Stack smashing is a common mode of buffer overflow attack for hijacking system control. This paper evaluates two architecture-based techniques to defend systems against such attacks: (1) the split control and data stack, and (2) secure return address stack (SRAS)....
متن کاملStackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vuln...
متن کامل