DOI: 10.1145/977091.977139

Repairing return address stack for buffer overflow protection

Published: 14 April 2004

Abstract

    Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture-based defense mechanism against buffer overflow attacks. As a buffer overflow attack leads to a compromised return address, our approach is to provide software-transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in the run-time stack, a return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) used for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.
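The integrity check described in the abstract can be modelled in software. The following is an added example, not code from the paper: it simulates a writable run-time stack and a separate protected copy of each return address, then compares the two at return. All names, sizes and the sample address are assumptions of this model, and speculation and RAS repair are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { STACK_BYTES = 256, BUF_BYTES = 16, RAS_DEPTH = 16 };  /* assumed sizes */
static uint8_t  mem_stack[STACK_BYTES];  /* writable run-time stack (simulated) */
static size_t   sp = STACK_BYTES;        /* stack grows downward */
static uint32_t ras[RAS_DEPTH];          /* protected copies, unreachable by stores */
static int      ras_top = 0;

/* CALL: save the return address in the activation record and in the RAS. */
static int sim_call(uint32_t ret_addr) {
    if (ras_top == RAS_DEPTH || sp < sizeof ret_addr + BUF_BYTES) return -1;
    sp -= sizeof ret_addr;
    memcpy(&mem_stack[sp], &ret_addr, sizeof ret_addr);
    sp -= BUF_BYTES;                     /* local buffer sits below the saved address */
    ras[ras_top++] = ret_addr;
    return 0;
}

/* Copy into the callee's buffer with no check against BUF_BYTES (the bug). */
static void sim_copy_to_local(const uint8_t *src, size_t n) {
    if (n > STACK_BYTES - sp) n = STACK_BYTES - sp;  /* stay inside the model array */
    memcpy(&mem_stack[sp], src, n);
}

/* RETURN: compare both copies; 0 = intact, 1 = frame copy was altered. */
static int sim_return(uint32_t *trusted) {
    uint32_t from_frame;
    if (ras_top == 0) return -1;
    memcpy(&from_frame, &mem_stack[sp + BUF_BYTES], sizeof from_frame);
    sp += BUF_BYTES + sizeof from_frame;
    *trusted = ras[--ras_top];           /* the separately kept copy */
    return from_frame != *trusted;
}

/* One call/copy/return cycle on a fresh machine; 0x00400123 is a constructed address. */
static int demo(const uint8_t *in, size_t n, uint32_t *trusted) {
    sp = STACK_BYTES; ras_top = 0;
    if (sim_call(0x00400123u) != 0) return -1;
    sim_copy_to_local(in, n);
    return sim_return(trusted);
}

int main(void) {
    uint8_t in[20]; uint32_t t;
    memset(in, 0x41, sizeof in);         /* constructed sample input */
    printf("8 bytes: %d, 20 bytes: %d\n", demo(in, 8, &t), demo(in, 20, &t));
    return 0;
}
```

An input that fits the 16-byte buffer leaves both copies equal; a 20-byte input reaches the saved address in the frame, and the comparison at return reports the mismatch while the protected copy still holds the original value.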

    Published In

    CF '04: Proceedings of the 1st conference on Computing frontiers
    April 2004
    522 pages
    ISBN: 1581137419
    DOI: 10.1145/977091
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. buffer overflow
    2. computer architecture
    3. computer security
    4. intrusion tolerance

    Qualifiers

    • Article

    Conference

    CF04
    CF04: Computing Frontiers Conference
    April 14 - 16, 2004
    Ischia, Italy

    Acceptance Rates

    Overall Acceptance Rate 273 of 785 submissions, 35%

    Article Metrics

    • Downloads (Last 12 months): 20
    • Downloads (Last 6 weeks): 1
    Reflects downloads up to 12 Aug 2024

    Cited By
    • (2020) Anomaly Detection in Embedded Systems Using Power and Memory Side Channels. 2020 IEEE European Test Symposium (ETS). 10.1109/ETS48528.2020.9131596 (1-2). Online publication date: May-2020
    • (2018) DiffGuard: Obscuring Sensitive Information in Canary Based Protections. Security and Privacy in Communication Networks. 10.1007/978-3-319-78813-5_39 (738-751). Online publication date: 11-Apr-2018
    • (2015) DynaGuard. Proceedings of the 31st Annual Computer Security Applications Conference. 10.1145/2818000.2818031 (351-360). Online publication date: 7-Dec-2015
    • (2014) Leveraging microarchitectural side channel information to efficiently enhance program control flow integrity. Proceedings of the 2014 International Conference on Hardware/Software Codesign and System Synthesis. 10.1145/2656075.2656092 (1-9). Online publication date: 12-Oct-2014
    • (2013) Preventing Brute Force Attacks Against Stack Canary Protection on Networking Servers. 2013 IEEE 12th International Symposium on Network Computing and Applications. 10.1109/NCA.2013.12 (243-250). Online publication date: Aug-2013
    • (2007) Run-time randomization to mitigate tampering. Proceedings of the Security 2nd international conference on Advances in information and computer security. 10.5555/1778902.1778917 (153-168). Online publication date: 29-Oct-2007
    • (2007) Run-Time Randomization to Mitigate Tampering. Advances in Information and Computer Security. 10.1007/978-3-540-75651-4_11 (153-168). Online publication date: 2007
    • (2006) SegmentShield. Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems. 10.1109/SRDS.2006.43 (277-288). Online publication date: 2-Oct-2006
    • (2006) Microarchitectural Protection Against Stack-Based Buffer Overflow Attacks. IEEE Micro. 10.1109/MM.2006.76, 26:4 (62-71). Online publication date: 1-Jul-2006
    • (2005) A reliable return address stack. ACM SIGARCH Computer Architecture News. 10.1145/1055626.1055637, 33:1 (73-80). Online publication date: 1-Mar-2005
