SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied cod...
Saved in:
| Published in: | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) pp. 277 - 288 |
|---|---|
| Main Author: | |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
01.10.2006
|
| Subjects: | |
| ISBN: | 9780769526775, 0769526772 |
| ISSN: | 1060-9857 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
|---|---|
| AbstractList | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
| Author | Shinagawa, T. |
| Author_xml | – sequence: 1 givenname: T. surname: Shinagawa fullname: Shinagawa, T. organization: Div. of Syst. Inf. Sci., Tokyo Univ. of Agric. & Technol |
| BookMark | eNotjEtPwkAYADcRExF78-Zl_0Bx3w9viCgmJBjLWbJtv62rpSXbFfTfmyinOcxkLtGo6ztA6JqSKaXE3havD8WUEaKmgp-hzGpDtLKSKa3lCI0pUSS3RuoLlA3DByGEWqUFpWP0VkCzgy4V7wHa-g4vvvdtH1LoGnwyLoW-w0sX66OLgH0f8UvsE1R_kWtc6IaE77-8h4jXB4i-7Y94lpKrPocrdO5dO0B24gRtHheb-TJfrZ-e57NVHpigKafMypoyJr0npbKl5MBMKVmlRC1K5sA6LS33wtG6NtKAsqCoMEr4ihvFJ-jmfxsAYLuPYefiz1YQzoSx_BdUzlXe |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/SRDS.2006.43 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Xplore IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Agriculture Computer Science |
| EndPage | 288 |
| ExternalDocumentID | 4032489 |
| Genre | orig-research |
| GroupedDBID | 23M 29P 6IE 6IF 6IH 6IK 6IL 6IM 6IN AAJGR AAWTH ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IPLJI M43 OCL RIE RIL RIO RNS |
| ID | FETCH-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| IEDL.DBID | RIE |
| ISBN | 9780769526775 0769526772 |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1060-9857 |
| IngestDate | Wed Aug 27 01:57:39 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_4032489 |
| PublicationCentury | 2000 |
| PublicationDate | 2006-10-01 |
| PublicationDateYYYYMMDD | 2006-10-01 |
| PublicationDate_xml | – month: 10 year: 2006 text: 2006-10-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationTitle | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) |
| PublicationTitleAbbrev | SRDS |
| PublicationYear | 2006 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001967411 ssj0020387 |
| Score | 1.6952277 |
| Snippet | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 277 |
| SubjectTerms | Agriculture Buffer overflow Cryptography Hardware Information science Kernel Linux Protection Runtime Security |
| Title | SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks |
| URI | https://ieeexplore.ieee.org/document/4032489 |
| WOSCitedRecordID | wos000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LT8JAEN4A8aAXFDC-swePVmi7u-16wwfxYJAIMZwku90paULAYJG_785Sigcv3vrYtM12pzOd75v5CLlWmoswlcbTPks9a4mhh5LWXsR1oBMjFXPJnPeXqN-Px2M5qJCbshYGABz5DG5x02H5ZpGsMFXWZh3r_mNZJdUoEptarV0-RQrrHEt6R4CwrEM6RceTMY82v-ySB8LGk0Xnne0-Lxnxsj18exxuMAos5PmluOIcTq_-v0c9JK1d5R4dlD7piFRg3iAH3emyaLEBDVLfCjnQwq6b5GMIU7weCmPPzB11xLwMCdG0OOPeH0WYf62WQG2ki7dBAAIHqanKbJhJ71eotkJfrXmks8WadvMcS_hbZNR7Gj08e4XwgpdZh557NgbgxreWnqYdLaTmIQSx5kEimGE6UCBVxGWYMuUbE_MYhARsKCpYmoSxCI9Jbb6Ywwmh9vsBoJlW0vgMsBmfCfwwMdDRSZQG8Slp4txNPjetNSbFtJ39ffic7LsMiOPSXZBavlzBJdlLvvPsa3nl1sMP5hewpQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1NT9tAEB0FigS9hBIQlI_ugSMGe7279vYWoIiqaYiaqOJEtOsdR5FQgoIDf787G5Nw4NKbP1a2td7xjOe9mQdwaqxUaaldZBNRRt4S04gkraNMWm4Lp40IyZy_nazbze_vda8BZ8taGEQM5DM8p82A5btpMadU2YWIvfvP9Rp8kkLweFGttcqoaOXd45LgwQmYDViniiOdy2zx064lVz6irHvvvO3LJSdeX_T_XPcXKAWV8rzTXAku56b5fw-7Dbur2j3WW3qlL9DAyQ58bo9mdZMN3IHmm5QDqy27BQ99HNH1SBr70X1ngZo3Jko0q8-EN8gI6H81M2Q-1qXbEARBg8zIjH2gyS7npLfC7ryBlI_TV9auKiri34XBzY_B1W1USy9EY-_Sq8hHAdIl3tbLMrZKW5kiz63khRJOWG5Qm0zqtBQmcS6XOSqN1FJUibJIc5XuwfpkOsF9YP4LgmiFNdolAqkdn-NJWjiMbZGVPD-AFs3d8GnRXGNYT9vXjw9_g83bwe_OsPOz--sQtkI-JDDrjmC9ms3xGDaKl2r8PDsJa-MfSGGz7A |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2006+25th+IEEE+Symposium+on+Reliable+Distributed+Systems+%28SRDS%2706%29&rft.atitle=SegmentShield%3A+Exploiting+Segmentation+Hardware+for+Protecting+against+Buffer+Overflow+Attacks&rft.au=Shinagawa%2C+T.&rft.date=2006-10-01&rft.pub=IEEE&rft.isbn=9780769526775&rft.issn=1060-9857&rft.spage=277&rft.epage=288&rft_id=info:doi/10.1109%2FSRDS.2006.43&rft.externalDocID=4032489 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1060-9857&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1060-9857&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1060-9857&client=summon |