Abstract
The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Slammer. In this paper, we propose a new architectural solution to detect and deter the buffer overflow exploit. The idea is that the buffer overflow attacks usually exhibit abnormal symptoms in the system. This kind of unusual behavior can be simply detected by checking the integrity of instruction and data references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the integrity rules are negligible. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed safety guards. By randomly corrupting stack and other data sections of a process’s address space during simulation, we create various buffer overflow scenarios, including both stack and heap smashing. Experimental data shows that enforcing two safety guards not only reduces the number of system failures substantially but it also circumvents virtually all forms of malicious code execution made by stack smashing or function pointer corruptions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aleph One, Smashing the Stack for Fun and Profit, BugTraq Archives, http://immunix.org/StackGuard/profit.html
Baratloo, A., Singh, N., Tsai, T.: Transparent Run-Time Defense Against Stack Smashing Attacks. In: Proceedings of the USENIX Annual Technical Conference (June 2000)
Snow, B.: Future of Security, Panel Presentation at IEEE Security and Privacy (May 1999)
Bulba, Kil3r: Bypassing Stackguard and Stackshield. Phrack 10(56) (May 2000)
Cooperative Association for Internet Data Analysis (CAIDA), Analysis of the Sapphire Worm (January 2003), http://www.caida.org/analysis/security/sapphier/
CERT/CC Statistics 1988-2003, http://www.cert.org/stats/cert_stats.html
Pyo, C., Lee, G.: Encoding Function Pointers and Memory Arrangement Checking against Buffer Overflow Attack. In: Proceedings of the Fifth International Conference on Information and Communications Security (October 2003)
Common Vulnerabilities and Exposures (CVE), [TECH] Vulnerability Types Seen in CVE, http://cve.mitre.org/board/archives/2002-10/msg00005.html
Cowon, C., Beattie, S., Day, R.F., Pu, C., Wagle, P., Walthinsen, E.: Protecting Systems from Stack Smashing Attacks with StackGuard. In: The Linux Expo (1999)
Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. In: Proceedings of the DARPA Information Survivability Conference and Exposition (January 2000)
Dean, D., Felten, E.W., Wallach, D.S.: Java Security: From HotJava to NetScape and Beyond. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (1996)
Lee, G., Tyagi, A.: Encoded Program Counter: Self-Protection from Buffer Overflow Attack. In: Proceedings of the International Conference on Internet Computing (June 2000)
Openwall Project, Linux kernel patch from the openwall project, http://openwall.com/linux
Jones, R., Kelly, P.: Bounds Checking for C (July 1995) http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html
SANS Institute and FBI, The Twenty Most Critical Internet Security Vulnerabilities The Expert’s Consensus (2003) http://www.sans.org/top20
Symantec, Blended Attack Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. In: Proceedings of the Virus Bulletin Conference (September 2002)
Chiueh, T.-C., Hsu, F.-H.: RAD: A Compile-Time Solution to Buffer Overflow Attacks. In: Proceedings of the 21st International Conference on Distributed Computing Systems (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, L., Shin, Y. (2004). Enforcement of Architectural Safety Guards to Deter Malicious Code Attacks through Buffer Overflow Vulnerabilities. In: Müller-Schloer, C., Ungerer, T., Bauer, B. (eds) Organic and Pervasive Computing – ARCS 2004. ARCS 2004. Lecture Notes in Computer Science, vol 2981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24714-2_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-24714-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21238-6
Online ISBN: 978-3-540-24714-2
eBook Packages: Springer Book Archive