A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device

At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access Vol. 6; pp. 72862 - 72869
Main Authors: Xu, Bin, Wang, Weike, Hao, Qiang, Zhang, Zhun, Du, Pei, Xia, Tongsheng, Li, Hongge, Wang, Xiang
Format: Journal Article
Language:English
Published: Piscataway IEEE 2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
buffer overflow
Buffer overflows
Buffers
Computer architecture
Defective products
execution behavior
Hardware
intrusion detection
IoT device
Monitoring
Overflow
Performance evaluation
secure tag
Security
Segments
Software
Software development
Software engineering
ISSN:2169-3536, 2169-3536
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace the execution behavior of programs. Another one is secure tag validation used to monitor the attributes of every memory segment. The automated extraction tools extract the monitoring model and secure tag of each memory segment at the compile time. At run-time, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior, if not the appropriate response mechanisms will be triggered. The proposed schemes don't change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can detect a wide range of buffer overflow attacks. And it takes low performance penalties and minimal overheads.
AbstractList At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace the execution behavior of programs. Another one is secure tag validation used to monitor the attributes of every memory segment. The automated extraction tools extract the monitoring model and secure tag of each memory segment at the compile time. At run-time, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior, if not the appropriate response mechanisms will be triggered. The proposed schemes don't change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can detect a wide range of buffer overflow attacks. And it takes low performance penalties and minimal overheads.
Author Xu, Bin
Wang, Xiang
Hao, Qiang
Du, Pei
Xia, Tongsheng
Zhang, Zhun
Li, Hongge
Wang, Weike
Author_xml – sequence: 1
  givenname: Bin
  orcidid: 0000-0002-4462-4160
  surname: Xu
  fullname: Xu, Bin
  email: xubin1978@buaa.edu.cn
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 2
  givenname: Weike
  surname: Wang
  fullname: Wang, Weike
  email: wangweike@buaa.edu.cn
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 3
  givenname: Qiang
  surname: Hao
  fullname: Hao, Qiang
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 4
  givenname: Zhun
  surname: Zhang
  fullname: Zhang, Zhun
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 5
  givenname: Pei
  surname: Du
  fullname: Du, Pei
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 6
  givenname: Tongsheng
  surname: Xia
  fullname: Xia, Tongsheng
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 7
  givenname: Hongge
  surname: Li
  fullname: Li, Hongge
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
– sequence: 8
  givenname: Xiang
  surname: Wang
  fullname: Wang, Xiang
  email: wxiang@buaa.edu.cn
  organization: School of Electronic and Information Engineering, Beihang University, Beijing, China
BookMark eNqFkU9PGzEQxa2KSgXKJ-BiqecE_1vbe0wDpZEicQg9W17vTOo0XVOvA8q3r-kihLjUF3tG770Z63dGToY0ACGXnM05Z-3VYrm82WzmgnE7F9ZypcwHciq4bmeykfrkzfsTuRjHHavH1lZjTsl6QTcQDjmWI72GMW4HiinT8hNqWSCUOGxpQvr1gAiZ3j1Cxn16ootSfPg10jjQVbqv2scY4DP5iH4_wsXLfU5-fLu5X36fre9uV8vFehYUs2WmTdCSYehUr3UwjeEojRGsk170UqPqhAQwzGrDFcMWehSyZ2ABux55K8_Jasrtk9-5hxx_-3x0yUf3r5Hy1vlcYtiD6wxYaUTHPErV-vppbrX1Cr1qDIquZn2Zsh5y-nOAsbhdOuShru-EahprG2FVVclJFXIaxwz4OpUz90zBTRTcMwX3QqG62neuEIsvMQ0l-7j_j_dy8kYAeJ1mK0RprPwLhD-VPw
CODEN IAECCG
CitedBy_id crossref_primary_10_1007_s11432_023_3865_0
crossref_primary_10_1109_TITS_2022_3220043
crossref_primary_10_1002_ett_4391
crossref_primary_10_1007_s11276_025_03942_2
crossref_primary_10_1109_COMST_2022_3151028
crossref_primary_10_1109_TC_2021_3139181
crossref_primary_10_1155_2022_5724168
crossref_primary_10_1109_ACCESS_2023_3288696
crossref_primary_10_4018_IJCAC_325624
crossref_primary_10_1016_j_iot_2020_100227
Cites_doi 10.1109/TIFS.2014.2365734
10.1007/978-3-319-50057-7_12
10.1145/2699026.2699098
10.1007/978-3-662-49301-4_27
10.1016/j.compeleceng.2008.06.010
10.1109/ICCD.2004.1347961
10.1109/TVLSI.2006.887799
10.1109/ITRE.2003.1270612
10.1145/782814.782838
10.1109/TC.2006.59
10.1109/AICCSA.2007.370926
10.1109/DASC.2009.5347415
10.1007/s11277-015-2478-z
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018
DBID 97E
ESBDL
RIA
RIE
AAYXX
CITATION
7SC
7SP
7SR
8BQ
8FD
JG9
JQ2
L7M
L~C
L~D
DOA
DOI 10.1109/ACCESS.2018.2881447
DatabaseName IEEE Xplore (IEEE)
IEEE Xplore Open Access Journals (WRLC)
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Engineered Materials Abstracts
METADEX
Technology Research Database
Materials Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
Directory of Open Access Journals
DatabaseTitle CrossRef
Materials Research Database
Engineered Materials Abstracts
Technology Research Database
Computer and Information Systems Abstracts – Academic
Electronics & Communications Abstracts
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
METADEX
Computer and Information Systems Abstracts Professional
DatabaseTitleList

Materials Research Database
Database_xml – sequence: 1
  dbid: DOA
  name: Directory of Open Access Journals
  url: https://www.doaj.org/
  sourceTypes: Open Website
– sequence: 2
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EISSN 2169-3536
EndPage 72869
ExternalDocumentID oai_doaj_org_article_b7e8372b0af349a6951868a4fa457f2b
10_1109_ACCESS_2018_2881447
8536378
Genre orig-research
GrantInformation_xml – fundername: National High-tech R&D Project of China (863)
  grantid: 2011AA010404
– fundername: Key Project of the National Science Foundation of China
  grantid: 61232009; 81571142
– fundername: National Natural Science Foundation of China
  grantid: 60973106
  funderid: 10.13039/501100001809
GroupedDBID 0R~
4.4
5VS
6IK
97E
AAJGR
ABAZT
ABVLG
ACGFS
ADBBV
AGSQL
ALMA_UNASSIGNED_HOLDINGS
BCNDV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
EBS
EJD
ESBDL
GROUPED_DOAJ
IPLJI
JAVBF
KQ8
M43
M~E
O9-
OCL
OK1
RIA
RIE
RNS
AAYXX
CITATION
7SC
7SP
7SR
8BQ
8FD
JG9
JQ2
L7M
L~C
L~D
ID FETCH-LOGICAL-c408t-67c630fcb4d66c7571f37720b3a2d36f4b23ee70867140f9edf23d0e8efbdf193
IEDL.DBID DOA
ISICitedReferencesCount 15
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000453718100001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 2169-3536
IngestDate Fri Oct 03 12:41:58 EDT 2025
Sun Nov 30 03:49:20 EST 2025
Sat Nov 29 03:33:31 EST 2025
Tue Nov 18 22:19:48 EST 2025
Wed Aug 27 02:02:26 EDT 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/OAPA.html
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c408t-67c630fcb4d66c7571f37720b3a2d36f4b23ee70867140f9edf23d0e8efbdf193
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0002-4462-4160
OpenAccessLink https://doaj.org/article/b7e8372b0af349a6951868a4fa457f2b
PQID 2455885284
PQPubID 4845423
PageCount 8
ParticipantIDs crossref_primary_10_1109_ACCESS_2018_2881447
crossref_citationtrail_10_1109_ACCESS_2018_2881447
proquest_journals_2455885284
doaj_primary_oai_doaj_org_article_b7e8372b0af349a6951868a4fa457f2b
ieee_primary_8536378
PublicationCentury 2000
PublicationDate 20180000
2018-00-00
20180101
2018-01-01
PublicationDateYYYYMMDD 2018-01-01
PublicationDate_xml – year: 2018
  text: 20180000
PublicationDecade 2010
PublicationPlace Piscataway
PublicationPlace_xml – name: Piscataway
PublicationTitle IEEE access
PublicationTitleAbbrev Access
PublicationYear 2018
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References xu (ref16) 2002
ref12
divya (ref13) 2006; 14
ref15
ref20
ref21
ref17
kiriansky (ref4) 2002
ref19
ref18
yunsi (ref14) 2007
ref8
slowinska (ref7) 2012
ref9
ref3
ref5
xiang (ref10) 2008
olga (ref11) 2009; 35
cowan (ref2) 2003
abadi (ref6) 2005
cowan (ref1) 1998
References_xml – start-page: 91
  year: 2003
  ident: ref2
  article-title: Pointguard TM: Protecting pointers from buffer overflow vulnerabilities
  publication-title: Proc Usenix Secur Symp
– ident: ref19
  doi: 10.1109/TIFS.2014.2365734
– start-page: 11
  year: 2012
  ident: ref7
  article-title: Body armor for binaries: Preventing buffer overflows without recompilation
  publication-title: Proc USENIX Conf Annu Tech Conf
– year: 2002
  ident: ref16
  article-title: Architecture support for defending against bufferoverflow attacks
  publication-title: Proc Workshop Evaluating and Architecting Systems for Dependability
– start-page: 191
  year: 2002
  ident: ref4
  article-title: Secure execution via program Shepherding
  publication-title: Proc Usenix Secur Symp
– ident: ref18
  doi: 10.1007/978-3-319-50057-7_12
– start-page: 63
  year: 1998
  ident: ref1
  article-title: Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks
  publication-title: Proc Usenix Secur Symp
– ident: ref8
  doi: 10.1145/2699026.2699098
– start-page: 340
  year: 2005
  ident: ref6
  article-title: Control-flow integrity principles, implementations, and applications
  publication-title: Proc ACM Conf Comput Commun Secur (CCS)
– start-page: 650
  year: 2008
  ident: ref10
  article-title: Hardware monitoring to enhance embedded system security
  publication-title: Proc Acad Forum China Inf Technol
– ident: ref21
  doi: 10.1007/978-3-662-49301-4_27
– volume: 35
  start-page: 315
  year: 2009
  ident: ref11
  article-title: A compiler-hardware approach to software protection for embedded systems
  publication-title: Comput Elect Eng
  doi: 10.1016/j.compeleceng.2008.06.010
– ident: ref12
  doi: 10.1109/ICCD.2004.1347961
– volume: 14
  start-page: 1295
  year: 2006
  ident: ref13
  article-title: Hardware-assisted run-time monitoring for secure program execution on embedded processors
  publication-title: IEEE Trans Very Large Scale Integr (VLSI) Syst
  doi: 10.1109/TVLSI.2006.887799
– start-page: 815
  year: 2007
  ident: ref14
  article-title: Microarchitectural support for program code integrity monitoring in application-specific instruction set processors
  publication-title: Proc Conf Design Automat Test Eur
– ident: ref5
  doi: 10.1109/ITRE.2003.1270612
– ident: ref9
  doi: 10.1145/782814.782838
– ident: ref3
  doi: 10.1109/TC.2006.59
– ident: ref15
  doi: 10.1109/AICCSA.2007.370926
– ident: ref17
  doi: 10.1109/DASC.2009.5347415
– ident: ref20
  doi: 10.1007/s11277-015-2478-z
SSID ssj0000816957
Score 2.2464738
Snippet At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced...
SourceID doaj
proquest
crossref
ieee
SourceType Open Website
Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 72862
SubjectTerms buffer overflow
Buffer overflows
Buffers
Computer architecture
Defective products
execution behavior
Hardware
intrusion detection
IoT device
Monitoring
Overflow
Performance evaluation
secure tag
Security
Segments
Software
Software development
Software engineering
SummonAdditionalLinks – databaseName: IEEE Electronic Library (IEL)
  dbid: RIE
  link: http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1Lb9QwEB61FQc40EJBbB_IB45N67Ud2zluFyqQqoJEQb1Zfo1UqdpUbRb-fm3HjUAgJG5JNI6cfLZnxo_vA3hnrWZRRt8EitgIgbxxnLnGKh5zBO5jIXv-fq4uLvTVVfdlA46mszAxxrL5LB7ny7KWH3q_zlNlJ8m1SK70JmwqpcazWtN8ShaQ6FpViYXmtDtZLJfpG_LuLX3MtE6Zg_rN-RSO_iqq8sdIXNzL2fb_VWwHntcwkixG3F_ARly9hGe_kAvuwvmCfK3idOR92adBUoBKUsCXbvPSQbIiPZLTdZZIIZ9Tm8ab_idZDEM-d0-uV-RTf5ls81jyCr6dfbhcfmyqdkLjBdVDI5WXnKJ3IkjpVavmyFMgTR23LHCJwjEeo6KZ3k5Q7GJAxgONOqILmKK617C16lfxDRDhUhLlZLBMBYEotbM8zm2LbB5kCtdmwB5_qvGVWDzrW9yYkmDQzoxImIyEqUjM4GgqdDvyavzb_DSjNZlmUuzyIMFgah8zTsWUbjNHLXLR2dQcshaAFWhFq5C5Gexm6KaXVNRmcPCIvakd-N4w0bZat8l57_291D48zRUcZ2MOYGu4W8dDeOJ_DNf3d29L23wAVz_g2g
  priority: 102
  providerName: IEEE
Title A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device
URI https://ieeexplore.ieee.org/document/8536378
https://www.proquest.com/docview/2455885284
https://doaj.org/article/b7e8372b0af349a6951868a4fa457f2b
Volume 6
WOSCitedRecordID wos000453718100001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVAON
  databaseName: Directory of Open Access Journals
  customDbUrl:
  eissn: 2169-3536
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0000816957
  issn: 2169-3536
  databaseCode: DOA
  dateStart: 20130101
  isFulltext: true
  titleUrlDefault: https://www.doaj.org/
  providerName: Directory of Open Access Journals
– providerCode: PRVHPJ
  databaseName: ROAD: Directory of Open Access Scholarly Resources
  customDbUrl:
  eissn: 2169-3536
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0000816957
  issn: 2169-3536
  databaseCode: M~E
  dateStart: 20130101
  isFulltext: true
  titleUrlDefault: https://road.issn.org
  providerName: ISSN International Centre
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV3PSx0xEA5FeqgH0ar4rEoOPXY1m2ST7PH5qrRgraAVbyHZZECQ90TXevNvd5KNjycFvfSysMvsj0xmZ77ZnXxDyFfnDI8qdlVgAJWUICovuK-cFjEh8C5msufLE316aq6u2rOFVl-pJmygBx4Ud-B1xByKe-ZAyNYpRARGGSfByUYD98n7IupZSKayDzY1SupCM1Sz9mA8meCIUi2X2efGYB6hX4WizNhfWqz845dzsDleJSsFJdLx8HRr5EOcfibLC9yB6-RkTM9L7zn6PZdhUMSfFPEc7qY_AyhFZ0APH1IHFPobTRZuZo903PdpWT29ntKfswuUTa5ig_w5PrqY_KhKa4Sqk8z0ldKdEgw6L4NSnW50DQJxMvPC8SAUSM9FjJol9jrJoI0BuAgsmgg-AIK2TbI0nU3jFqHSY47kVXBcBwmgjHci1q4BXgeFaGxE-IuWbFd4w1P7ihub8wfW2kG1NqnWFtWOyLf5SbcDbcbb4odJ_XPRxHmdD6Al2GIJ9j1LGJH1NHnziyAQUUKbEdl5mUxb3s97y2XTGNNgbN7-H7f-Qj6l4QyfZnbIUn_3EHfJx-5vf31_t5dNE7e_no728gLDZy5R5aU
linkProvider Directory of Open Access Journals
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1Lb9QwEB6VggQceLWoCwV84Ni0ju3YznG7pWrFsiCxoN4sP6VK1aZqs_D3sR03AhVV6i2JxpGTz_bM-PF9AB-1lsRzbyuHQ6gYC7QylJhKC-pTBG59Jnv-OReLhTw7a79twN54FsZ7nzef-f10mdfyXWfXaarsILoWToV8AA8bxkg9nNYaZ1SShETbiEItVOP2YDqbxa9I-7fkPpEy5g7iH_eTWfqLrMqtsTg7mOPn96vaC3hWAkk0HZB_CRt-9Qqe_kUvuAXzKfpe5OnQUd6pgWKIimLIF2_T4kG0Ql1Ah-skkoK-xlYdLrrfaNr36eQ9Ol-h024ZbdNosg0_jj8tZydVUU-oLMOyr7iwnOJgDXOcW9GIOtAYSmNDNXGUB2YI9V7gRHDHcGi9C4Q67KUPxoUY172GzVW38juAmIlplOFOE-FYCFwaTX2tm0Bqx2PANgFy81OVLdTiSeHiQuUUA7dqQEIlJFRBYgJ7Y6HLgVnjbvPDhNZommix84MIgyq9TBnhY8JNDNaBslbH5pDUADQLmjUiEDOBrQTd-JKC2gR2b7BXpQtfK8KaRsomuu83_y_1AR6fLL_M1fx08fktPEmVHeZmdmGzv1r7d_DI_urPr6_e53b6BzAp5CE
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Security+Design+for+the+Detecting+of+Buffer+Overflow+Attacks+in+IoT+Device&rft.jtitle=IEEE+access&rft.au=Xu%2C+Bin&rft.au=Wang%2C+Weike&rft.au=Hao%2C+Qiang&rft.au=Zhang%2C+Zhun&rft.date=2018&rft.pub=IEEE&rft.eissn=2169-3536&rft.volume=6&rft.spage=72862&rft.epage=72869&rft_id=info:doi/10.1109%2FACCESS.2018.2881447&rft.externalDocID=8536378
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2169-3536&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2169-3536&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2169-3536&client=summon