A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device

At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE access Ročník 6; s. 72862 - 72869
Hlavní autoři: Xu, Bin, Wang, Weike, Hao, Qiang, Zhang, Zhun, Du, Pei, Xia, Tongsheng, Li, Hongge, Wang, Xiang
Médium: Journal Article
Jazyk:angličtina
Vydáno: Piscataway IEEE 2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
buffer overflow
Buffer overflows
Buffers
Computer architecture
Defective products
execution behavior
Hardware
intrusion detection
IoT device
Monitoring
Overflow
Performance evaluation
secure tag
Security
Segments
Software
Software development
Software engineering
ISSN:2169-3536, 2169-3536
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace the execution behavior of programs. Another one is secure tag validation used to monitor the attributes of every memory segment. The automated extraction tools extract the monitoring model and secure tag of each memory segment at the compile time. At run-time, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior, if not the appropriate response mechanisms will be triggered. The proposed schemes don't change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can detect a wide range of buffer overflow attacks. And it takes low performance penalties and minimal overheads.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2018.2881447