SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks

This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied cod...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) s. 277 - 288
Hlavní autor: Shinagawa, T.
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.10.2006
Témata:
Agriculture
Buffer overflow
Cryptography
Hardware
Information science
Kernel
Linux
Protection
Runtime
Security
ISBN:9780769526775, 0769526772
ISSN:1060-9857
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%
ISBN:9780769526775
0769526772
ISSN:1060-9857
DOI:10.1109/SRDS.2006.43