Title |
---|
Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow |
Abstract |
---|
Buffer overflow vulnerabilities are currently the most prevalent security vulnerability; they are responsible for over half of the CERT advisories issued in the last three years. Since many attacks exploit buffer overflow vulnerabilities, techniques that prevent buffer overflow attacks would greatly increase the difficulty of writing a new worm. This paper examines both software and hardware solutions for protecting code pointers from buffer overflow attacks. We first evaluate the performance overhead of the existing Point-Guard software solution for protecting code pointers, and show that it can be applied using binary modification to protect return pointers on the stack. These software techniques guard against write attacks, but not read attacks, where an attacker is attempting to gain information about the pointer protection mechanism in order to later mount a write buffer attack. To address this, we examine encryption hardware to provide security for code pointers from read and write attacks. In addition, we show that pure software solutions can degrade program performance, and the light-weight encryption hardware techniques we examine can be used to provide protection with little performance overhead. |
Year | DOI | Venue |
---|---|---|
2004 | 10.1109/MICRO.2004.20 | MICRO |
Keywords | Field | DocType |
software technique, buffer overflow, buffer attack, buffer overflow vulnerability, existing point-guard software solution, code pointer, code pointer protection, buffer overflow attack, hardware solution, binary modification support, pure software solution, performance overhead, encryption hardware, hardware, computer security, writing, cryptography, computer worms, computer science, software performance | Pointer (computer programming), Vulnerability (computing), Cryptography, Computer science, Computer security, Computer worm, Encryption, Real-time computing, Computer hardware, Parallel computing, Exploit, Write buffer, Operating system, Buffer overflow | Conference |
ISSN | ISBN | Citations |
1072-4451 | 0-7695-2126-6 | 42 |
PageRank | References | Authors |
2.54 | 19 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Nathan Tuck | 1 | 334 | 18.56 |
Brad Calder | 2 | 4145 | 251.59 |
George Varghese | 3 | 8149 | 727.66 |