TY - CHAP
T1 - Enforcement of architectural safety guards to deter malicious code attacks through buffer overflow vulnerabilities
AU - Choi, Lynn
AU - Shin, Yong
PY - 2004
Y1 - 2004
N2 - The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Slammer. In this paper, we propose a new architectural solution to detect and deter the buffer overflow exploit. The idea is that the buffer overflow attacks usually exhibit abnormal symptoms in the system. This kind of unusual behavior can be simply detected by checking the integrity of instruction and data references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the integrity rules are negligible. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed safety guards. By randomly corrupting stack and other data sections of a process's address space during simulation, we create various buffer overflow scenarios, including both stack and heap smashing. Experimental data shows that enforcing two safety guards not only reduces the number of system failures substantially but it also circumvents virtually all forms of malicious code execution made by stack smashing or function pointer corruptions.
UR - http://www.scopus.com/inward/record.url?scp=35048841168&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35048841168&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-24714-2_6
DO - 10.1007/978-3-540-24714-2_6
M3 - Chapter
AN - SCOPUS:35048841168
SN - 3540212388
SN - 9783540212386
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 47
EP - 60
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
A2 - Müller-Schloer, Christian
A2 - Ungerer, Theo
A2 - Bauer, Bernhard
PB - Springer Verlag
ER -