Encoding function pointers and memory arrangement checking against buffer overflow attack

Changwoo Pyo; Gyungho Lee

doi:10.1007/3-540-36159-6_3

Encoding function pointers and memory arrangement checking against buffer overflow attack

Changwoo Pyo, Gyungho Lee

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Program counter is the only mechanism for processor to access instruction to execute. Protecting program counter is the fundamental defense for securing computer system. This paper presents a scheme of protecting program counter by encoding function pointers. In the scheme, every function address is encoded by linker. Compiler inserts instructions for decoding function addresses before call instruction. Encoding code pointers, function addresses as well as return addresses in stack frame, provides substantial coverage of protecting program counter. Several suggestions are also made to detect compromised code pointers at run-time without memory space for sensor mechanism. A demo Linux system has been under construction with the proposed scheme. Experimental data shows performance slowdown less than 10% when all return addresses and function addresses are encoded. With a Pentium III processor of 866MHz, the overhead for each function call is on the order of nanoseconds. We plan to migrate parts of our code pointer encoding scheme from linker to dynamic linker, which should improve security and performance.

Original language	English
Title of host publication	Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings
Editors	Robert Deng, Feng Bao, Jianying Zhou, Sihan Qing
Publisher	Springer Verlag
Pages	25-36
Number of pages	12
ISBN (Print)	3540001646
DOIs	https://doi.org/10.1007/3-540-36159-6_3
Publication status	Published - 2002
Event	4th International Conference on Information and Communications Security, ICICS 2002 - Singapore, Singapore Duration: 2002 Dec 9 → 2002 Dec 12

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	2513
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	4th International Conference on Information and Communications Security, ICICS 2002
Country/Territory	Singapore
City	Singapore
Period	02/12/9 → 02/12/12

Keywords

Buffer overflow attack
Function pointer encoding
Memory arrangement checking
Program counter

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/3-540-36159-6_3

Cite this

Pyo, C., & Lee, G. (2002). Encoding function pointers and memory arrangement checking against buffer overflow attack. In R. Deng, F. Bao, J. Zhou, & S. Qing (Eds.), Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings (pp. 25-36). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513). Springer Verlag. https://doi.org/10.1007/3-540-36159-6_3

Encoding function pointers and memory arrangement checking against buffer overflow attack. / Pyo, Changwoo; Lee, Gyungho.
Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. ed. / Robert Deng; Feng Bao; Jianying Zhou; Sihan Qing. Springer Verlag, 2002. p. 25-36 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Pyo, C & Lee, G 2002, Encoding function pointers and memory arrangement checking against buffer overflow attack. in R Deng, F Bao, J Zhou & S Qing (eds), Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2513, Springer Verlag, pp. 25-36, 4th International Conference on Information and Communications Security, ICICS 2002, Singapore, Singapore, 02/12/9. https://doi.org/10.1007/3-540-36159-6_3

Pyo C, Lee G. Encoding function pointers and memory arrangement checking against buffer overflow attack. In Deng R, Bao F, Zhou J, Qing S, editors, Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. Springer Verlag. 2002. p. 25-36. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/3-540-36159-6_3

Pyo, Changwoo ; Lee, Gyungho. / Encoding function pointers and memory arrangement checking against buffer overflow attack. Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. editor / Robert Deng ; Feng Bao ; Jianying Zhou ; Sihan Qing. Springer Verlag, 2002. pp. 25-36 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{87337288d4a74246aaff5bd1fb1a7d84,

title = "Encoding function pointers and memory arrangement checking against buffer overflow attack",

abstract = "Program counter is the only mechanism for processor to access instruction to execute. Protecting program counter is the fundamental defense for securing computer system. This paper presents a scheme of protecting program counter by encoding function pointers. In the scheme, every function address is encoded by linker. Compiler inserts instructions for decoding function addresses before call instruction. Encoding code pointers, function addresses as well as return addresses in stack frame, provides substantial coverage of protecting program counter. Several suggestions are also made to detect compromised code pointers at run-time without memory space for sensor mechanism. A demo Linux system has been under construction with the proposed scheme. Experimental data shows performance slowdown less than 10% when all return addresses and function addresses are encoded. With a Pentium III processor of 866MHz, the overhead for each function call is on the order of nanoseconds. We plan to migrate parts of our code pointer encoding scheme from linker to dynamic linker, which should improve security and performance.",

keywords = "Buffer overflow attack, Function pointer encoding, Memory arrangement checking, Program counter",

author = "Changwoo Pyo and Gyungho Lee",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 2002.; 4th International Conference on Information and Communications Security, ICICS 2002 ; Conference date: 09-12-2002 Through 12-12-2002",

year = "2002",

doi = "10.1007/3-540-36159-6_3",

language = "English",

isbn = "3540001646",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "25--36",

editor = "Robert Deng and Feng Bao and Jianying Zhou and Sihan Qing",

booktitle = "Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings",

}

TY - GEN

T1 - Encoding function pointers and memory arrangement checking against buffer overflow attack

AU - Pyo, Changwoo

AU - Lee, Gyungho

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 2002.

PY - 2002

Y1 - 2002

N2 - Program counter is the only mechanism for processor to access instruction to execute. Protecting program counter is the fundamental defense for securing computer system. This paper presents a scheme of protecting program counter by encoding function pointers. In the scheme, every function address is encoded by linker. Compiler inserts instructions for decoding function addresses before call instruction. Encoding code pointers, function addresses as well as return addresses in stack frame, provides substantial coverage of protecting program counter. Several suggestions are also made to detect compromised code pointers at run-time without memory space for sensor mechanism. A demo Linux system has been under construction with the proposed scheme. Experimental data shows performance slowdown less than 10% when all return addresses and function addresses are encoded. With a Pentium III processor of 866MHz, the overhead for each function call is on the order of nanoseconds. We plan to migrate parts of our code pointer encoding scheme from linker to dynamic linker, which should improve security and performance.

AB - Program counter is the only mechanism for processor to access instruction to execute. Protecting program counter is the fundamental defense for securing computer system. This paper presents a scheme of protecting program counter by encoding function pointers. In the scheme, every function address is encoded by linker. Compiler inserts instructions for decoding function addresses before call instruction. Encoding code pointers, function addresses as well as return addresses in stack frame, provides substantial coverage of protecting program counter. Several suggestions are also made to detect compromised code pointers at run-time without memory space for sensor mechanism. A demo Linux system has been under construction with the proposed scheme. Experimental data shows performance slowdown less than 10% when all return addresses and function addresses are encoded. With a Pentium III processor of 866MHz, the overhead for each function call is on the order of nanoseconds. We plan to migrate parts of our code pointer encoding scheme from linker to dynamic linker, which should improve security and performance.

KW - Buffer overflow attack

KW - Function pointer encoding

KW - Memory arrangement checking

KW - Program counter

UR - http://www.scopus.com/inward/record.url?scp=84944034531&partnerID=8YFLogxK

U2 - 10.1007/3-540-36159-6_3

DO - 10.1007/3-540-36159-6_3

M3 - Conference contribution

AN - SCOPUS:84944034531

SN - 3540001646

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 25

EP - 36

BT - Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings

A2 - Deng, Robert

A2 - Bao, Feng

A2 - Zhou, Jianying

A2 - Qing, Sihan

PB - Springer Verlag

T2 - 4th International Conference on Information and Communications Security, ICICS 2002

Y2 - 9 December 2002 through 12 December 2002

ER -

Encoding function pointers and memory arrangement checking against buffer overflow attack

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this