SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied cod...
Saved in:
| Published in: | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) pp. 277 - 288 |
|---|---|
| Main Author: | |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
01.10.2006
|
| Subjects: | |
| ISBN: | 9780769526775, 0769526772 |
| ISSN: | 1060-9857 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
|---|---|
| AbstractList | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
| Author | Shinagawa, T. |
| Author_xml | – sequence: 1 givenname: T. surname: Shinagawa fullname: Shinagawa, T. organization: Div. of Syst. Inf. Sci., Tokyo Univ. of Agric. & Technol |
| BookMark | eNotjEtPwkAYADcRExF78-Zl_0Bx3w9viCgmJBjLWbJtv62rpSXbFfTfmyinOcxkLtGo6ztA6JqSKaXE3havD8WUEaKmgp-hzGpDtLKSKa3lCI0pUSS3RuoLlA3DByGEWqUFpWP0VkCzgy4V7wHa-g4vvvdtH1LoGnwyLoW-w0sX66OLgH0f8UvsE1R_kWtc6IaE77-8h4jXB4i-7Y94lpKrPocrdO5dO0B24gRtHheb-TJfrZ-e57NVHpigKafMypoyJr0npbKl5MBMKVmlRC1K5sA6LS33wtG6NtKAsqCoMEr4ihvFJ-jmfxsAYLuPYefiz1YQzoSx_BdUzlXe |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/SRDS.2006.43 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Agriculture Computer Science |
| EndPage | 288 |
| ExternalDocumentID | 4032489 |
| Genre | orig-research |
| GroupedDBID | 23M 29P 6IE 6IF 6IH 6IK 6IL 6IM 6IN AAJGR AAWTH ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IPLJI M43 OCL RIE RIL RIO RNS |
| ID | FETCH-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| IEDL.DBID | RIE |
| ISBN | 9780769526775 0769526772 |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1060-9857 |
| IngestDate | Wed Aug 27 01:57:39 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_4032489 |
| PublicationCentury | 2000 |
| PublicationDate | 2006-10-01 |
| PublicationDateYYYYMMDD | 2006-10-01 |
| PublicationDate_xml | – month: 10 year: 2006 text: 2006-10-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationTitle | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) |
| PublicationTitleAbbrev | SRDS |
| PublicationYear | 2006 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001967411 ssj0020387 |
| Score | 1.6952277 |
| Snippet | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 277 |
| SubjectTerms | Agriculture Buffer overflow Cryptography Hardware Information science Kernel Linux Protection Runtime Security |
| Title | SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks |
| URI | https://ieeexplore.ieee.org/document/4032489 |
| WOSCitedRecordID | wos000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07b8IwELYAdWgXWqDqWx46NiUktmN3ow_UoaKoMDAV2fEZISGo0lD-fm0nDR26dMtLieXL6Tv7--4OoWsZAoNIs0DERgVEUhkoBTyQaZiKyKQWA33J_JdkOOTTqRjV0E2VCwMAXnwGt-7Qc_l6nW7cVlmXhBb-uaijepKwIldrt58imAXHSt4ROVrWM50sDASnSbFkFzRiNp4sK-_8nNNKES-647fHccFRuESeXx1XPOAMmv8b6iHq7DL38KjCpCNUg1ULHfTnWVliA1qo-dPIAZd-3UbvY5i797nG2Et9h70wb-EE0bi84-2HHc2_lRlgG-m6zzgCwj0k53Jhw0x8v3HdVvCrdQ-zXG9xP89dCn8HTQZPk4fnoGy8ECwsoOeBjQGo7llPNyZUTCgaQ8QVjVJGNFGRBCETao1LZE9rTjkwAa6gKCMmjTmLj1FjtV7BCcJMErcEMzxKNYmVsUYSiktpmJKaaXmK2m7uZh9FaY1ZOW1nf18-R_t-B8Rr6S5QI882cIn20q988Zld-f_hG_vfsb8 |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwED6VggQs5SneeGAkkDq2a7PxFIhSEO3ARGXH56pS1aKSwt_HdkNhYGHLS4nly-k7-_vuDuBIpyiQWpGozJmEaa4TY1AmOk9zRV3uMTCWzG82Wi358qKeKnA8y4VBxCg-w5NwGLl8O8onYavslKUe_qWag3nOGE2n2Vo_OypKeHicCTxoIGYj1ynSREnemC7aFafCR5Rl7Z3vcz7TxKvT9vNVe8pShFSeXz1XIuTc1P432BXY-MndI08zVFqFCg7XYPm8Ny6LbOAa1L5bOZDSs9fhtY298L7QGntgz0iU5vWDJJqUd6IFSSD6P_UYiY91w2cCBREe0j3d94EmuZiEfivk0TuIG4w-yXlRhCT-DejcXHcub5Oy9ULS95BeJD4K4Lbufd251AhleIZUGk5zwSwzVKPSDe7Ny3TdWsklCoWhpKhgLs-kyDahOhwNcQuI0CwswpykuWWZcd5IykitnTDaCqu3YT3MXfdtWlyjW07bzt-XD2HxtvPQ7DbvWve7sBT3Q6Kybg-qxXiC-7CQfxT99_FB_De-AG0NtQY |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2006+25th+IEEE+Symposium+on+Reliable+Distributed+Systems+%28SRDS%2706%29&rft.atitle=SegmentShield%3A+Exploiting+Segmentation+Hardware+for+Protecting+against+Buffer+Overflow+Attacks&rft.au=Shinagawa%2C+T.&rft.date=2006-10-01&rft.pub=IEEE&rft.isbn=9780769526775&rft.issn=1060-9857&rft.spage=277&rft.epage=288&rft_id=info:doi/10.1109%2FSRDS.2006.43&rft.externalDocID=4032489 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1060-9857&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1060-9857&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1060-9857&client=summon |