Efficient array & pointer bound checking against buffer overflow attacks via hardware/software

Zili Shao; Chun Xue; Qingfeng Zhuge; Edwin H.M. Sha; Bin Xiao

Efficient array & pointer bound checking against buffer overflow attacks via hardware/software

Zili Shao^*
, Chun Xue
, Qingfeng Zhuge
, Edwin H.M. Sha
, Bin Xiao

^*此作品的通讯作者

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

3 引用（Scopus）

摘要

Buffer overflow attacks cause serious security problems. Array & pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However, original array & pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array & pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array & pointer bound checking. Our conclusion is that based on our strategy, array & pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable overhead.

源语言	英语
主期刊名	Proceedings ITCC 2005 - International Conference on Information Technology
主期刊副标题	Coding and Computing
编辑	H. Selvaraj, P.K. Srimani
页	780-785
页数	6
出版状态	已出版 - 2005
已对外发布	是
活动	ITCC 2005 - International Conference on Information Technology: Coding and Computing - Las Vegas, NV, 美国期限: 4 4月 2005 → 6 4月 2005

出版系列

姓名	International Conference on Information Technology: Coding and Computing, ITCC
卷	1

会议

会议	ITCC 2005 - International Conference on Information Technology: Coding and Computing
国家/地区	美国
市	Las Vegas, NV
时期	4/04/05 → 6/04/05

其它文件与链接

链接到 Scopus 的出版物

引用此

Shao, Z., Xue, C., Zhuge, Q., Sha, E. H. M., & Xiao, B. (2005). Efficient array & pointer bound checking against buffer overflow attacks via hardware/software. 在 H. Selvaraj, & P. K. Srimani (编辑), Proceedings ITCC 2005 - International Conference on Information Technology: Coding and Computing (页码 780-785). (International Conference on Information Technology: Coding and Computing, ITCC; 卷 1).

Shao, Zili ; Xue, Chun ; Zhuge, Qingfeng 等. / Efficient array & pointer bound checking against buffer overflow attacks via hardware/software. Proceedings ITCC 2005 - International Conference on Information Technology: Coding and Computing. 编辑 / H. Selvaraj ; P.K. Srimani. 2005. 页码 780-785 (International Conference on Information Technology: Coding and Computing, ITCC).

@inproceedings{39fa9f8d3e4f433187ea7012a1904d42,

title = "Efficient array \& pointer bound checking against buffer overflow attacks via hardware/software",

abstract = "Buffer overflow attacks cause serious security problems. Array \& pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However, original array \& pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array \& pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array \& pointer bound checking. Our conclusion is that based on our strategy, array \& pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable overhead.",

author = "Zili Shao and Chun Xue and Qingfeng Zhuge and Sha, \{Edwin H.M.\} and Bin Xiao",

year = "2005",

language = "英语",

isbn = "0769523153",

series = "International Conference on Information Technology: Coding and Computing, ITCC",

pages = "780--785",

editor = "H. Selvaraj and P.K. Srimani",

booktitle = "Proceedings ITCC 2005 - International Conference on Information Technology",

note = "ITCC 2005 - International Conference on Information Technology: Coding and Computing ; Conference date: 04-04-2005 Through 06-04-2005",

}

Shao, Z, Xue, C, Zhuge, Q , Sha, EHM & Xiao, B 2005, Efficient array & pointer bound checking against buffer overflow attacks via hardware/software. 在 H Selvaraj & PK Srimani (编辑), Proceedings ITCC 2005 - International Conference on Information Technology: Coding and Computing. International Conference on Information Technology: Coding and Computing, ITCC, 卷 1, 页码 780-785, ITCC 2005 - International Conference on Information Technology: Coding and Computing, Las Vegas, NV, 美国, 4/04/05.

Efficient array & pointer bound checking against buffer overflow attacks via hardware/software. / Shao, Zili; Xue, Chun; Zhuge, Qingfeng 等.
Proceedings ITCC 2005 - International Conference on Information Technology: Coding and Computing. 编辑 / H. Selvaraj; P.K. Srimani. 2005. 页码 780-785 (International Conference on Information Technology: Coding and Computing, ITCC; 卷 1).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Efficient array & pointer bound checking against buffer overflow attacks via hardware/software

AU - Shao, Zili

AU - Xue, Chun

AU - Zhuge, Qingfeng

AU - Sha, Edwin H.M.

AU - Xiao, Bin

PY - 2005

Y1 - 2005

N2 - Buffer overflow attacks cause serious security problems. Array & pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However, original array & pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array & pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array & pointer bound checking. Our conclusion is that based on our strategy, array & pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable overhead.

AB - Buffer overflow attacks cause serious security problems. Array & pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However, original array & pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array & pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array & pointer bound checking. Our conclusion is that based on our strategy, array & pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable overhead.

UR - https://www.scopus.com/pages/publications/24744464365

M3 - 会议稿件

AN - SCOPUS:24744464365

SN - 0769523153

T3 - International Conference on Information Technology: Coding and Computing, ITCC

SP - 780

EP - 785

BT - Proceedings ITCC 2005 - International Conference on Information Technology

A2 - Selvaraj, H.

A2 - Srimani, P.K.

T2 - ITCC 2005 - International Conference on Information Technology: Coding and Computing

Y2 - 4 April 2005 through 6 April 2005

ER -

Shao Z, Xue C, Zhuge Q , Sha EHM, Xiao B. Efficient array & pointer bound checking against buffer overflow attacks via hardware/software. 在 Selvaraj H, Srimani PK, 编辑, Proceedings ITCC 2005 - International Conference on Information Technology: Coding and Computing. 2005. 页码 780-785. (International Conference on Information Technology: Coding and Computing, ITCC).

Efficient array & pointer bound checking against buffer overflow attacks via hardware/software

摘要

出版系列

会议

其它文件与链接

指纹

引用此