SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied cod...
Uložené v:
| Vydané v: | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) s. 277 - 288 |
|---|---|
| Hlavný autor: | |
| Médium: | Konferenčný príspevok.. |
| Jazyk: | English |
| Vydavateľské údaje: |
IEEE
01.10.2006
|
| Predmet: | |
| ISBN: | 9780769526775, 0769526772 |
| ISSN: | 1060-9857 |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Abstract | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
|---|---|
| AbstractList | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
| Author | Shinagawa, T. |
| Author_xml | – sequence: 1 givenname: T. surname: Shinagawa fullname: Shinagawa, T. organization: Div. of Syst. Inf. Sci., Tokyo Univ. of Agric. & Technol |
| BookMark | eNotjEtPwkAYADcRExF78-Zl_0Bx3w9viCgmJBjLWbJtv62rpSXbFfTfmyinOcxkLtGo6ztA6JqSKaXE3havD8WUEaKmgp-hzGpDtLKSKa3lCI0pUSS3RuoLlA3DByGEWqUFpWP0VkCzgy4V7wHa-g4vvvdtH1LoGnwyLoW-w0sX66OLgH0f8UvsE1R_kWtc6IaE77-8h4jXB4i-7Y94lpKrPocrdO5dO0B24gRtHheb-TJfrZ-e57NVHpigKafMypoyJr0npbKl5MBMKVmlRC1K5sA6LS33wtG6NtKAsqCoMEr4ihvFJ-jmfxsAYLuPYefiz1YQzoSx_BdUzlXe |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/SRDS.2006.43 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Agriculture Computer Science |
| EndPage | 288 |
| ExternalDocumentID | 4032489 |
| Genre | orig-research |
| GroupedDBID | 23M 29P 6IE 6IF 6IH 6IK 6IL 6IM 6IN AAJGR AAWTH ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IPLJI M43 OCL RIE RIL RIO RNS |
| ID | FETCH-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| IEDL.DBID | RIE |
| ISBN | 9780769526775 0769526772 |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1060-9857 |
| IngestDate | Wed Aug 27 01:57:39 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_4032489 |
| PublicationCentury | 2000 |
| PublicationDate | 2006-10-01 |
| PublicationDateYYYYMMDD | 2006-10-01 |
| PublicationDate_xml | – month: 10 year: 2006 text: 2006-10-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationTitle | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) |
| PublicationTitleAbbrev | SRDS |
| PublicationYear | 2006 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001967411 ssj0020387 |
| Score | 1.6953179 |
| Snippet | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 277 |
| SubjectTerms | Agriculture Buffer overflow Cryptography Hardware Information science Kernel Linux Protection Runtime Security |
| Title | SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks |
| URI | https://ieeexplore.ieee.org/document/4032489 |
| WOSCitedRecordID | wos000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07b8IwELYAdWgXWqDqWx46NiUP27G70QfqRFFhYCqy4wuKhKBKQ_n7tZ0QOnTplpeSyM7lzvd9dx9Ct75ItR9I7VESWAmzKPWUpuBxMOGFBPM_DBMnNhGPRnw2E-MGuqtrYQDAkc_g3m46LF-vk41NlfWJb9w_F03UjGNW1mrt8ymCGedY0ztCC8s6pJP5nuA0LpfsgobMxJNV553dPq0Z8aI_eX-elBiFLeT5pbjiHM6w_b9XPUa9feUeHtc-6QQ1YNVBR4NFXrXYgA5q74QccGXXXfQxgYW9nxXGXuoH7Ih5mSVE4-qMmz9sYf6tzAGbSNc-xgIQ9iK5kJkJM_Hjxqqt4DdjHulyvcWDorAl_D00Hb5Mn169SnjBy4xDLzwTA1AdGEtPU18xoWgEIVc0TBjRRIUShIypmVYiA6055cAE2IaijKRJxFl0ilqr9QrOECZhrJiOlBCQEF9zBUozP5SRT1JGkuQcde3YzT_L1hrzatgu_j58iQ5dBsRx6a5Qq8g3cI0Oku8i-8pv3PfwAy8msMc |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwED5BQQIW3uKNB0YCaWK7NhtPFVEKoh2YqOz4UlWqWlRS-vfxuaEwsLDlpSSyc7nzfd_dB3AS69zFVeMiwaskYZbmkXUCI4U-vDDo_4dJFsQmas2men3Vz3NwOquFQcRAPsMz2gxYvhtmY0qVnfPYu3-l52GBlLPKaq2fjIqW3j3OCB4JAbMB65RxpJWoTRftWiTSR5Rl753vfTHjxOvz1stNa4pSUCnPL82V4HLuVv_3smuw9VO7x55nXmkd5nCwASuX3VHZZAM3YPVbyoGVlr0Jby3s0v1IGrvvLlig5vWIEs3KM2EGGQH9EzNC5mNdegxBEHSR6ZqeDzTZ1Zj0VtiTN5C8P5ywy6KgIv4taN_dtq_rUSm9EPW8Sy8iHwUIV_W2nuexldqKFBNlRZJJ7rhNDGpTE35iuak6p4RCqZFaikqeZ6mS6TZUBsMB7gDjSc1Kl1qtMeOxUxatk3Fi0pjnkmfZLmzS2HXep801OuWw7f19-BiW6u3HRqdx33zYh-WQDwnMugOoFKMxHsJi9ln0PkZH4dv4Apd-tBA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2006+25th+IEEE+Symposium+on+Reliable+Distributed+Systems+%28SRDS%2706%29&rft.atitle=SegmentShield%3A+Exploiting+Segmentation+Hardware+for+Protecting+against+Buffer+Overflow+Attacks&rft.au=Shinagawa%2C+T.&rft.date=2006-10-01&rft.pub=IEEE&rft.isbn=9780769526775&rft.issn=1060-9857&rft.spage=277&rft.epage=288&rft_id=info:doi/10.1109%2FSRDS.2006.43&rft.externalDocID=4032489 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1060-9857&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1060-9857&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1060-9857&client=summon |