Hardware-Enforced Protection Against Buffer Overflow Using Masked Program Counter

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9100)

Abstract

Buffer overflow is one of the main software vulnerabilities and is exploited by many viruses and cyber attacks. A buffer overflow overwrites the return address from a subroutine to its parent program. To counter it, we propose in this paper to mask this return address on the fly by slightly modifying the processor architecture. We show that the hardware overhead, as well as the software modification, is very small. The efficiency has been demonstrated on a bare-metal program running on a Leon 3 processor. This paper also shows the limitation when using a real OS.

Acknowledgments

These developments have been supported by the Directorate General of Armaments and the General Directorate for Enterprises through the RAPID “CyberCPU” project. We thank the positive feedback from the French DGA/MI (Information Superiority) who helped improve this paper and our work in general.

Author information

Corresponding author

Correspondence to Florian Praden.

Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Danger, JL., Guilley, S., Porteboeuf, T., Praden, F., Timbert, M. (2016). Hardware-Enforced Protection Against Buffer Overflow Using Masked Program Counter. In: Ryan, P., Naccache, D., Quisquater, JJ. (eds) The New Codebreakers. Lecture Notes in Computer Science, vol 9100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49301-4_27

  • DOI: https://doi.org/10.1007/978-3-662-49301-4_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49300-7

  • Online ISBN: 978-3-662-49301-4

  • eBook Packages: Computer Science, Computer Science (R0)
