An Efficient Pointer Protection Scheme to Defend Buffer Overflow Attacks
We present a new efficient pointer protection method to defend buffer overflow attacks. It uses a simple watermark to protect the pointer: during dereferencing the pointer variable, a watermark is also written/updated and before referencing the pointer variable, it verifies consistency of the watermark. If the pointer’s watermark does not exist or was damaged, our scheme regards this as an intrusion and stops the execution. The proposed scheme has the following strong points. First, unlike other randomization methods, our scheme has no possibility of malfunction caused by the execution of arbitrary instructions. Second, we conducted various experiments on prototype implementation, which showed that our scheme is as secure as the previous randomization schemes. Third, experimental results showed that the performance degradation is not high. Forth, unlike other randomization schemes, our scheme can support attack profiling.
Keywordssystem security buffer overflow randomization
Unable to display preview. Download preview PDF.
- Barrantes, G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks. In: 10th ACM Conference on Computer and Communication Security, October 2003, 281–289 (2003)Google Scholar
- Bhatkar, S., DuVarney, D.C., Sekar, R.: Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. In: 12th USENIX Security Symposium, August 2003, pp. 105–120 (2003)Google Scholar
- Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities. In: 12th USENIX Security Symposium, August 2003, 91–104 (2003)Google Scholar
- Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks. In: 7th USENIX Security Symposium, January 1998, pp. 63–78 (1998)Google Scholar
- Jones, R., Kelly, P.: Bounds Checking for C, avaliable at http://www.ala.doc.ic.ac.u/~phjk/BoundsChecking.html (July 1995)
- Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering Code-Injection Attacks With Instruction-Set Randomization. In: 10th ACM Conference on Computer and Communication Security, October 2003, pp. 272–280 (2003)Google Scholar
- Lamagra. Project OMEGA, avaliable at http://ouah.kernsh.org/omega1lam.txt
- McGary, G.: Bounds Checking for C and C++ Using Bounded Pointers, avaliable at http://gcc.gnu.org/projects/bp/main.html (2000)
- Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-Safe Retrofitting of Legacy Code. In: 29th ACMSymposium on Principles of Programming Languates, POPL 2002 (2002)Google Scholar
- One, A.: Smasing The Stack For Fun And Profit. Phrack 49, File 14 of 16 (1996) Google Scholar
- PaX team. The PaX Project, avaliable at http://pageexec.virtualave.net (2001)