Hardware Stack Design: Towards an Effective Defence Against Frame Pointer Overwrite Attacks
Currently, a buffer overflow attack is one of the most serious and widely utilized assaults in computer systems. Defense methods against this attack can be classified as three: compiler modification, system software modification, and hardware modification. Among them, most of the cases, hardware modification methods aim at detecting or tolerating alternation of return addresses in the memory stack. However, to the best of our knowledge, the previous methods cannot defend against frame pointer overwrite attacks, where an adversary can control the execution at his/her will by modifying the saved frame pointers in the stack. In this paper, we present a new reliable hardware stack to detect alternation of saved frame pointers as well as return addresses. We show that the proposed method can defend against both frame pointer overwrite attacks and stack smashing attacks.
Keywordscomputer security buffer overflow attack computer architecture
Unable to display preview. Download preview PDF.
- 1.Barrantes, G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks. In: 10th ACM Conference on Computer and Communication Security, pp. 281–289 (October 2003)Google Scholar
- 2.Bhatkar, S., DuVarney, D.C., Sekar, R.: Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. In: 12th USENIX Security Symposium, pp. 105–120 (August 2003)Google Scholar
- 3.NX bit. from wikipidia, free enclopedia, avaliable at: http://en.wikipedia.org/wiki/NX_bit
- 4.Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities. In: 12th USENIX Security Symposium, pp. 91–104 (August 2003)Google Scholar
- 5.Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks. In: 7th USENIX Security Symposium, pp. 63–78 (January 1998)Google Scholar
- 6.klog: The Frame Pointer Overwrite. Phrack Magazine 9(5) (1999)Google Scholar
- 7.Lee, R.B., Kang, D.K., McGregor, J.P., Shi, Z.: Enlisting Hardware Architecture to Thwart Malicious Code Injection. In: International Conference on Security in Pervasive Computing (2003)Google Scholar
- 8.Newsharm, T.: Format String Attacks, GUARDENT Technical Report (2000)Google Scholar
- 9.Aleph One. Smasing The Stack For Fun And Profit. Phrack 49, File 14 of 16 (1996)Google Scholar
- 10.Ozdoganoglu, H., Vijaykumar, T.N., Jalote, C.A. et al.: SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address. Technical report, TR-ECE-03-13, Purdue University, School of ECE (2003)Google Scholar
- 11.PaX team. The PaX Project (2001), avaliable at: http://pageexec.virtualave.net
- 12.Xu, J., Kalbarczyk, Z., Partel, S., Iyar, R.K.: An Architecture Support for Defending Against Buffer Overflow Attacks. In: Workshop on Evaluating and Architecting System Dependability (2002)Google Scholar