SegmentShield: Exploiting segmentation hardware for protecting against buffer overflow attacks

被引:0
|
作者
Shinagawa, Takahiro [1 ]
机构
[1] Tokyo Univ Agr & Technol, Div Syst Informat Sci, Tokyo, Japan
来源
SRDS 2006: 25TH IEEE SYMPOSIUM ON RELIABLE DISTRIBUTED SYSTEMS, PROCEEDINGS | 2006年
关键词
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%.
引用
收藏
页码:277 / 286
页数:10
相关论文
共 50 条
  • [31] PointGuard™:: Protecting pointers from buffer overflow vulnerabilities
    Cowan, C
    Beattie, S
    Johansen, J
    Wagle, P
    USENIX ASSOCIATION PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, 2003, : 91 - 104
  • [32] Exploiting Buffer Overflow Vulnerabilities in Software Defined Radios
    Hitefield, S. D.
    Fowler, M.
    Clancy, T. Charles
    IEEE 2018 INTERNATIONAL CONGRESS ON CYBERMATICS / 2018 IEEE CONFERENCES ON INTERNET OF THINGS, GREEN COMPUTING AND COMMUNICATIONS, CYBER, PHYSICAL AND SOCIAL COMPUTING, SMART DATA, BLOCKCHAIN, COMPUTER AND INFORMATION TECHNOLOGY, 2018, : 1921 - 1927
  • [33] DoSGuard: Protecting Pipelined MPSoCs Against Hardware Trojan Based DoS Attacks
    Malekpour, Amin
    Ragelt, Roshan
    Ignjatovic, Aleksandar
    Parameswaran, Sri
    2017 IEEE 28TH INTERNATIONAL CONFERENCE ON APPLICATION-SPECIFIC SYSTEMS, ARCHITECTURES AND PROCESSORS (ASAP), 2017, : 45 - 52
  • [34] Survey of Protections from Buffer-Overflow Attacks
    Piromsopa, Krerk
    Enbody, Richard J.
    ENGINEERING JOURNAL-THAILAND, 2011, 15 (02): : 31 - 52
  • [35] Buffer overflow attacks on linux principles analyzing and protection
    Gu, ZM
    Yao, JD
    Qin, J
    DCABES 2002, PROCEEDING, 2002, : 385 - 387
  • [36] Detection of Network Buffer Overflow Attacks: A Case Study
    Maros, Barabas
    Ivan, Homoliak
    Matej, Kacic
    Petr, Hanacek
    2013 47TH INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2013,
  • [37] On evolving buffer overflow attacks using genetic programming
    Kayacik, Hilmi Guenes
    Heywood, Malcolm
    Zincir-Heywood, Nur
    GECCO 2006: GENETIC AND EVOLUTIONARY COMPUTATION CONFERENCE, VOL 1 AND 2, 2006, : 1667 - +
  • [38] A dynamic mechanism for recovering from buffer overflow attacks
    Sidiroglou, S
    Giovanidis, G
    Keromytis, AD
    INFORMATION SECURITY, PROCEEDINGS, 2005, 3650 : 1 - 15
  • [39] Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
    Homoliak, Ivan
    Ovsonka, Daniel
    Koranda, Karel
    Hanacek, Petr
    2014 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2014,
  • [40] Assuring Software Security Against Buffer Overflow Attacks in Embedded Software Development Life Cycle
    Park, Chul Su
    Lee, Jae Hee
    Seo, Seong Chae
    Kim, Byung Ki
    12TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY: ICT FOR GREEN GROWTH AND SUSTAINABLE DEVELOPMENT, VOLS 1 AND 2, 2010, : 787 - 790
12345