SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied cod...
Uloženo v:
| Vydáno v: | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) s. 277 - 288 |
|---|---|
| Hlavní autor: | |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
01.10.2006
|
| Témata: | |
| ISBN: | 9780769526775, 0769526772 |
| ISSN: | 1060-9857 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
|---|---|
| AbstractList | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3% |
| Author | Shinagawa, T. |
| Author_xml | – sequence: 1 givenname: T. surname: Shinagawa fullname: Shinagawa, T. organization: Div. of Syst. Inf. Sci., Tokyo Univ. of Agric. & Technol |
| BookMark | eNotjEtPwkAYADcRExF78-Zl_0Bx3w9viCgmJBjLWbJtv62rpSXbFfTfmyinOcxkLtGo6ztA6JqSKaXE3havD8WUEaKmgp-hzGpDtLKSKa3lCI0pUSS3RuoLlA3DByGEWqUFpWP0VkCzgy4V7wHa-g4vvvdtH1LoGnwyLoW-w0sX66OLgH0f8UvsE1R_kWtc6IaE77-8h4jXB4i-7Y94lpKrPocrdO5dO0B24gRtHheb-TJfrZ-e57NVHpigKafMypoyJr0npbKl5MBMKVmlRC1K5sA6LS33wtG6NtKAsqCoMEr4ihvFJ-jmfxsAYLuPYefiz1YQzoSx_BdUzlXe |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/SRDS.2006.43 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Agriculture Computer Science |
| EndPage | 288 |
| ExternalDocumentID | 4032489 |
| Genre | orig-research |
| GroupedDBID | 23M 29P 6IE 6IF 6IH 6IK 6IL 6IM 6IN AAJGR AAWTH ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IPLJI M43 OCL RIE RIL RIO RNS |
| ID | FETCH-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| IEDL.DBID | RIE |
| ISBN | 9780769526775 0769526772 |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1060-9857 |
| IngestDate | Wed Aug 27 01:57:39 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i241t-1295d1225ff0b69b53e28b52c64d4b2ae9a7593f4a1dd858e69e614864fc3863 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_4032489 |
| PublicationCentury | 2000 |
| PublicationDate | 2006-10-01 |
| PublicationDateYYYYMMDD | 2006-10-01 |
| PublicationDate_xml | – month: 10 year: 2006 text: 2006-10-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationTitle | 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) |
| PublicationTitleAbbrev | SRDS |
| PublicationYear | 2006 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001967411 ssj0020387 |
| Score | 1.6953179 |
| Snippet | This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 277 |
| SubjectTerms | Agriculture Buffer overflow Cryptography Hardware Information science Kernel Linux Protection Runtime Security |
| Title | SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks |
| URI | https://ieeexplore.ieee.org/document/4032489 |
| WOSCitedRecordID | wos000242572700025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3NT8IwFG-AeNALChi_04NHJ2ztutYbfhAPBokQw0nSrS1ZQsDMIf--fd0YHrx421e2ptvbe33v93s_hK5NRHyq7UpVEj_2aEKBrAxpOMVjoiRNjGO9v79EwyGfTsWohm4qLozW2oHP9C1sulq-WiVrSJV1ac-6fy7qqB5FrOBq7fIpglnnWME7AijLukon63mCh1GxZBdhwGw8WXbe2e6HFSJedMdvj-OiRgFEnl-KK87hDJr_G-oh6uyYe3hU-aQjVNPLFjroz7OyxYZuoeZWyAGXdt1GH2M9h_uBMPZC3WEHzEsBEI3LM-79YSjzb2SmsY104TFQgICL5FymNszE92tQW8Gv1jzMYrXB_TwHCn8HTQZPk4dnrxRe8FLr0HPPxgCh8q2lG9OLmYhDogMeh0HCqKJxILWQUSiIodJXiodcM6GhoSijJiGckWPUWK6W-gRhCI8STrkyhILOtSTwG4mNH0ljQ6XkFLVh7mafRWuNWTltZ38fPkf7LgPisHQXqJFna32J9pLvPP3Krtz38ANGx6_I |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3JTsMwEB2VRQIuBQpixweOhDaxndjcylIVUQqiFeqJyontqlLVopLC7-NxQ-HAhVs2JZaTyYxn3psHcGYTGjLjVqqKhmnAMoZkZUzDaZFSrVhmPev9pZW026LXk08lOF9wYYwxHnxmLnDT1_L1JJthqqzKas79C7kEK5yxqDZna_1kVGTs3OMC4BFhYdbXOuNaIAVP5ot2yaPYRZRF753vfb7AxMtq5_mmM69SIJXnl-aKdzmN8v8Guwk7P9w98rTwSltQMuNt2KgPpkWTDbMN5W8pB1JYdgVeO2aA90Np7JG-JB6aN0RINCnO-DdIsND_qaaGuFgXH4MlCLxIDdTQBZrkaoZ6K-TRGYgdTT5JPc-RxL8D3cZt97oZFNILwdC59DxwUQDXobN1a2tpLFNOTSRSHmUx0yyNlJEq4ZJapkKtBRcmlgZbisbMZlTEdBeWx5Ox2QOCAVImmNCWMlS6VhR_JKkNE2VdsJTtQwXnrv82b67RL6bt4O_Dp7DW7D60-q279v0hrPt8iEfWHcFyPp2ZY1jNPvLh-_TEfxtfnmizDw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2006+25th+IEEE+Symposium+on+Reliable+Distributed+Systems+%28SRDS%2706%29&rft.atitle=SegmentShield%3A+Exploiting+Segmentation+Hardware+for+Protecting+against+Buffer+Overflow+Attacks&rft.au=Shinagawa%2C+T.&rft.date=2006-10-01&rft.pub=IEEE&rft.isbn=9780769526775&rft.issn=1060-9857&rft.spage=277&rft.epage=288&rft_id=info:doi/10.1109%2FSRDS.2006.43&rft.externalDocID=4032489 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1060-9857&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1060-9857&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1060-9857&client=summon |