Abstract
Run-time memory access violations are one of the main causes of vulnerabilities in software systems. These violations occur since a run-time enforcement of some of the programming language semantics becomes excessively expensive. Violations of array bounds are reflected in a very common security exploit known as a buffer overflow exploit. We propose a hardware aided technique for bounds checking stack allocated data objects that reduces the overhead for bounds checking tremendously. Each stack access is verified to be within the stack frame as a hardware activity in parallel with rest of the load/store actions (and hence with no performance overhead). This allows the compiler to enforce the run time bounds only for pointer-based memory accesses in the static/global data and heap spaces. We profile the average number of pointer-based accesses into the stack region (about 40%) and the average number of stack allocated aggregate objects (about 33%) over eight benchmark programs. This reduces the complexity of the run-time checks by approximately 60%. We demonstrate through an instruction level architecture simulator, that the performance overhead of hardware stack bounds checking is very close to zero. We also implement a prototype compiler extension (based on the GNU C Compiler) for checking memory accesses only for global and static address spaces. The performance overhead of our dynamic bounds checking aided by hardware stack bounds check support is approximately 2x on the average over a mix of eight pointer intensive benchmark programs and SPEC 2000 benchmark programs (as opposed to the reported overhead of 30x without such hardware support). We also describe how the compiler technique can be extended to check heap addresses.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Austin, T., Breach, S., Sohi, G.: Efficient detection of all pointer and array access errors. In: Proceedings of the SIGPLAN Conference on Programming Language Design and Implementation (1994)
AlephOne: Smashing the stack for fun and profit. Phrack (November 1996)
Cowan, C., Pu, C., Maier, D., Hinton, H., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: Automatic adaptive detection and prevention of bufferoverflow attacks. In: Proceedings of the 7th USENIX Security Symposium (1998)
Jones, R.W.M., Kelly, P.H.J.: Backwards compatible bounds checking for arrays and pointers in c programs. In: Proceedings of the third International Workshop on Automated Debugging, pp. 13–26 (1997)
McGary, G.: Bounds checking in c & c++ using bounded pointers (2000), http://gcc.gnu.org/projects/bp/main.html
Lhee, K., Chapin, S.J.: Type-assisted dynamic buffer overflow detection. In: Proceedings of the 11th USENIX Security Symposium (2002)
Evans, D.: Static detection of dynamic memory errors. In: Proceedings of ACM SIGPLAN Conference on Programming Language Design and Implementation (1996)
Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium (2001)
Johnson, S.C.: Lint, a c program checker. Bell Laboratories Computer Science Technical Report 65 (1977)
Bulba, Kil3r: Bypassing stackguard and stackshield. Phrack (May 2000)
Lee, G., Tyagi, A.: Encoded program counter: Self-protection from buffer overflow attacks. In: International Conference on Internet Computing, pp. 387–394 (2000)
RationalSoftware: Debugging tools and advanced run-time error checking with purify, http://www.rational.com
Frantzen, M., Shuey, M.: Stackghost: Hardware facilitated stack protection. In: Proceedings of the 10th USENIX Security Symposium (2001)
Xu, J., Kalbarczyk, Z., Patel, S., Iyer, R.K.: Architecture support for defending against buffer overflow attacks. In: Second Workshop on Evaluating and Architecting System dependabilitY, EASY (2002)
Project, O.W.: Linux kernel patch from the openwall project, http://www.openwall.com/linux
Wojtczuk, R.: Defeating solar designer non-executable stack patch (January 1998), http://www.insecure.org/sploits/non-executable.stack.problems.html
Hennessy, J.L., Patterson, D.A.: Computer architecture: A quantitative approach, 3rd edn. Morgan Kaufmann Publishers, San Francisco (2002)
Austin, T., Burger, D., Bennett, S.: Evaluating future microprocessor: the simplescalar tool set. Technical Report TR-1308, Dept of Computer Science, University of Wisconsin-Madison (July 1996)
AvayaLabsResearch: Libsafe: Protecting critical elements of stacks (2002), http://www.research.avayalabs.com/project/libsafe
SPEC: Spec2000 cpu benchmark (2000), http://www.spec.org
Stallman, R.M.: Gnu compiler collection internals (2002), http://gcc.gnu.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ramarao, P., Tyagi, A., Lee, G. (2003). Run-Time Support for Detection of Memory Access Violations to Prevent Buffer Overflow Exploits. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_28
Download citation
DOI: https://doi.org/10.1007/10958513_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive