Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nathan Tuck Articles by Brad Calder Articles by George Varghese

37th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'04)

Portland,Oregon

December 04-December 08

ISBN: 0-7695-2126-6

	ASCII Text	x
	Nathan Tuck, Brad Calder, George Varghese, "Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow," Microarchitecture, IEEE/ACM International Symposium on, pp. 209-220, 37th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'04), 2004.

	BibTex	x
	@article{ 10.1109/MICRO.2004.20, author = {Nathan Tuck and Brad Calder and George Varghese}, title = {Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow}, journal ={Microarchitecture, IEEE/ACM International Symposium on}, volume = {0}, year = {2004}, issn = {1072-4451}, pages = {209-220}, doi = {http://doi.ieeecomputersociety.org/10.1109/MICRO.2004.20}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Microarchitecture, IEEE/ACM International Symposium on TI - Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow SN - 1072-4451 SP209 EP220 A1 - Nathan Tuck, A1 - Brad Calder, A1 - George Varghese, PY - 2004 KW - null VL - 0 JA - Microarchitecture, IEEE/ACM International Symposium on ER -

Nathan Tuck, University of California, San Diego

Brad Calder, University of California, San Diego

George Varghese, University of California, San Diego

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MICRO.2004.20

Buffer overflow vulnerabilities are currently the most prevalent security vulnerability; they are responsible for over half of the CERT advisories issued in the last three years. Since many attacks exploit buffer overflow vulnerabilities, techniques that prevent buffer overflow attacks would greatly increase the difficulty of writing a new worm.

This paper examines both software and hardware solutions for protecting code pointers from buffer overflow attacks. We first evaluate the performance overhead of the existing Point-Guard software solution for protecting code pointers, and show that it can be applied using binary modification to protect return pointers on the stack. These software techniques guard against write attacks, but not read attacks, where an attacker is attempting to gain information about the pointer protection mechanism in order to later mount a write buffer attack. To address this, we examine encryption hardware to provide security for code pointers from read and write attacks. In addition, we show that pure software solutions can degrade program performance, and the light-weight encryption hardware techniques we examine can be used to provide protection with little performance overhead.

Citation:

Nathan Tuck, Brad Calder, George Varghese, "Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow," micro, pp.209-220, 37th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.