TY - GEN
T1 - Defending embedded systems against buffer overflow via hardware/software
AU - Shao, Zili
AU - Zhuge, Qingfeng
AU - He, Yi
AU - Sha, Edwin H.M.
N1 - Publisher Copyright:
© 2003 IEEE.
PY - 2003
Y1 - 2003
N2 - Buffer overflow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. We propose the hardware/software address protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack smashing attacks and function pointer attacks) and then provide two corresponding defending strategies. In our technique, hardware boundary check method and function pointer XOR method are used to protect a system against stack smashing attacks and function pointer attacks, respectively. Although the focus of the HSAP technique is on embedded systems because of the availability of hardware support, we show that the HSAP technique is applied to any type of processors to defend against buffer overflow attacks. We use four classes of processors to illustrate that the applicability of our technique is independent of architectures. We experiment with our HSAP technique in ARM Evaluator-7T simulation development environments. The results show that our HSAP technique defends a system against more types of buffer overflow attacks with little overhead.
UR - https://www.scopus.com/pages/publications/84944726311
U2 - 10.1109/CSAC.2003.1254340
DO - 10.1109/CSAC.2003.1254340
M3 - Conference contribution
AN - SCOPUS:84944726311
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 352
EP - 361
BT - Proceedings - 19th Annual Computer Security Applications Conference, ACSAC 2003
PB - IEEE Computer Society
T2 - 19th Annual Computer Security Applications Conference, ACSAC 2003
Y2 - 8 December 2003 through 12 December 2003
ER -