ABSTRACT
Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerabilities in software remain among the most prevalent and most exploited. This paper proposes a micro-architecture-based defense mechanism against buffer overflow attacks. Because a buffer overflow attack typically results in a compromised return address, our approach is to provide software-transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in the run-time stack, a return address corrupted by a buffer overflow attack can be detected at run time, when the procedure returns. Since extra copies of return addresses are already kept in the return address stack (RAS) used for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS of speculative superscalar processors to perform return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses; hence it enhances system performance in addition to preventing buffer overflow attacks.
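The check the abstract describes, as an added software model that is not code from the paper and does not reproduce its hardware design: a procedure CALL writes the return address both into the activation record on the run-time stack (software-visible, overwritable) and into a processor-internal shadow copy, and the RET compares the two before transferring control. Here `frame_t` stands in for the activation record, `ras_t` for the return address stack, and `vulnerable_copy` for a callee with an unbounded copy into a stack buffer; the RAS depth, the buffer size, the return address `0x08048abc` and the all-`'A'` attacker input are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the paper's hardware design: a software model of the
 * return-address integrity check described in the abstract.  frame_t stands
 * in for the activation record in the run-time stack (software-visible,
 * overwritable); ras_t stands in for the processor-internal return address
 * stack (not addressable by software).  Names, sizes and the return-address
 * values are assumptions made for illustration. */

#define RAS_DEPTH   16
#define FRAME_BYTES 32            /* size of the local buffer in the frame */

typedef uint32_t addr_t;

/* Simulated activation record: local buffer followed by the saved return
 * address, the classic stack-smashing layout.  Kept as one byte array so
 * that an overflow of the buffer stays inside the array and remains
 * well-defined C. */
typedef struct {
    unsigned char bytes[FRAME_BYTES + sizeof(addr_t)];
} frame_t;

typedef struct {
    addr_t entries[RAS_DEPTH];
    int    top;                   /* number of valid entries */
} ras_t;

enum ret_status { RET_OK = 0, RET_MISMATCH = 1, RET_RAS_EMPTY = 2 };

typedef struct {
    enum ret_status status;
    addr_t          target;       /* address the RET would jump to */
} ret_result_t;

static void frame_set_ret(frame_t *f, addr_t ret)
{
    memcpy(f->bytes + FRAME_BYTES, &ret, sizeof ret);
}

static addr_t frame_get_ret(const frame_t *f)
{
    addr_t ret;
    memcpy(&ret, f->bytes + FRAME_BYTES, sizeof ret);
    return ret;
}

/* CALL: the return address goes into the activation record (as on any
 * stack machine) and into the shadow RAS.  A real RAS is finite; the model
 * refuses a call that would overflow it rather than wrapping silently. */
static int sim_call(ras_t *r, frame_t *f, addr_t ret)
{
    if (r->top == RAS_DEPTH)
        return -1;
    frame_set_ret(f, ret);
    r->entries[r->top++] = ret;
    return 0;
}

/* RET: pop the shadow copy and compare it with the in-memory copy.  A
 * mismatch means the frame was modified after the CALL; hardware would
 * raise an exception instead of transferring control. */
static ret_result_t sim_ret(ras_t *r, const frame_t *f)
{
    ret_result_t res = { RET_RAS_EMPTY, 0 };
    if (r->top == 0)
        return res;
    addr_t shadow = r->entries[--r->top];
    res.target = frame_get_ret(f);
    res.status = (shadow == res.target) ? RET_OK : RET_MISMATCH;
    return res;
}

/* Simulated vulnerable callee: copies input into the fixed-size buffer
 * with an attacker-controlled length and no check against FRAME_BYTES. */
static void vulnerable_copy(frame_t *f, const unsigned char *in, size_t len)
{
    if (len > sizeof f->bytes)    /* keep the model itself memory-safe */
        len = sizeof f->bytes;
    memcpy(f->bytes, in, len);    /* clobbers the saved return address once len > FRAME_BYTES */
}

/* One CALL / copy / RET sequence with a constructed input of 'A' bytes
 * (0x41); input_len > FRAME_BYTES overwrites the saved return address
 * with 0x41414141. */
static ret_result_t run_scenario(size_t input_len)
{
    ras_t   ras = { {0}, 0 };
    frame_t frame;
    unsigned char input[FRAME_BYTES + sizeof(addr_t)];

    memset(input, 'A', sizeof input);
    memset(&frame, 0, sizeof frame);
    sim_call(&ras, &frame, 0x08048abcu);           /* assumed return address */
    vulnerable_copy(&frame, input, input_len);
    return sim_ret(&ras, &frame);
}

int main(void)
{
    ret_result_t ok  = run_scenario(FRAME_BYTES);
    ret_result_t bad = run_scenario(FRAME_BYTES + sizeof(addr_t));
    printf("in-bounds copy  : status %d, target 0x%08x\n", ok.status, ok.target);
    printf("overflowing copy: status %d, target 0x%08x\n", bad.status, bad.target);
    return 0;
}
```

With a copy of exactly `FRAME_BYTES` the shadow and in-memory copies agree and the RET proceeds to `0x08048abc`; one byte more already changes the saved address, and the full overwrite turns the RET target into `0x41414141`, which the comparison rejects. Two things the model deliberately leaves out: the finite RAS depth (deep recursion would exhaust it, and how the paper handles that is not stated in the abstract), and the speculative-execution side, where a mispredicted path can push or pop the RAS and the entries must be repaired on recovery before they are trusted as the reference copy.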
Index Terms
- Repairing return address stack for buffer overflow protection