An Efficient Hardware-Oriented Runtime Approach for Stack-based Software Buffer Overflow Attacks

Sah, Love Kumar; Islam, Sheikh Ariful; Katkoori, Srinivas

doi:10.1109/asianhost.2018.8607169

Cited by 7 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A work on adaptive pipeline [34] allows a transparent solution to programmers/compilers and has very low overhead. However, it mainly focuses on stackbased buffer-overflow attacks during runtime.…”

Section: Recent Architectural Approachesmentioning

confidence: 99%

“…For example, Segmentation [25], Type-Assisted Buffer Overflow Detection [19], C Range Error Detector (CRED) [32], Integer Analysis to Determine Buffer Overflow [39], STOBO [14] and MemGuard [7] can detect stack/heap overflows on both control and non-control data, but some cannot detect array indexing errors. Jump Pointer [36] and adaptive pipeline [34] focus on stack overflows. StackGuard [7], SmashGuard [7], Minezone RAD [37] and Read-only RAD [37] can detect stack overflows, but focus on control data only.…”

Section: 1 Comparison Of Protection Coveragementioning

confidence: 99%

See 1 more Smart Citation

Boundary Bit: Architectural Bound Checking for Buffer-Overflow Protection

Chiamwongpaet

Piromsopa

2020

ECTI-CIT

View full text Add to dashboard Cite

We propose Boundary Bit, a new architectural bound-checking approach that detects and prevents buffer-overflow attacks. Boundary Bit extends an architecture by associating a bit to each memory entry. Software can set a (boundary) bit to delimit an object. On each memory access, the hardware will dynamically validate the object's bound using the boundary bit. With minimal hints from the compiler, our architectural design eliminates most (if not all) types of buffer-overflow attacks. These include attacks on non-control data (variables and arguments) and array-indexing errors. We evaluate the performance of Boundary Bit using simulation, and the results show that the majority of performance overheads lies in bit scanning operations. To mitigate performance overheads, we introduce a hardware bitmap to act as a cache. The results from our simulation shows that the hardware bitmap can absorb most overhead from bit scanning, which in the best-case scenario translated to 30 times speed up compared to the version that does not utilize bitmap cache.

show abstract

Section: Recent Architectural Approachesmentioning

confidence: 99%

Section: 1 Comparison Of Protection Coveragementioning

confidence: 99%

Boundary Bit: Architectural Bound Checking for Buffer-Overflow Protection

Chiamwongpaet

Piromsopa

2020

ECTI-CIT

View full text Add to dashboard Cite

show abstract

“…Still today many companies and individuals lack the awareness of the threats out there. This means that attacks such as Cross Site Scripting [30], SQL Injection [20], [8], [36], Denial of Service (DOS) [53], [51], Buffer Overflow [43] and Password Cracking [1], [54] are still relevant and viable attacks in the today's world.…”

Section: Introductionmentioning

confidence: 99%

A Survey of Network-based Security Attacks

Khan¹,

Goodridge²

2019

IJANA

View full text Add to dashboard Cite

Cross Site Scripting, SQL Injection, Denial of Service (DOS), Buffer Overflow and Password Cracking are current network-based security attacks that still looms on the Internet. Though these attacks have been around for decades and there exist protective mechanism for overcoming them they are still relevant today. In this paper we describe the basic workings of these attacks and outline how companies and individuals can mitigate these attacks. By taking the necessary precautions the severity of these attacks can be diminished.

show abstract