TY - GEN
T1 - Repairing return address stack for buffer overflow protection
AU - Park, Yong Joon
AU - Lee, Gyungho
PY - 2004
Y1 - 2004
N2 - Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.
AB - Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.
KW - Buffer overflow
KW - Computer architecture
KW - Computer security
KW - Intrusion tolerance
UR - http://www.scopus.com/inward/record.url?scp=4143130038&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=4143130038&partnerID=8YFLogxK
U2 - 10.1145/977091.977139
DO - 10.1145/977091.977139
M3 - Conference contribution
AN - SCOPUS:4143130038
SN - 1581137419
SN - 9781581137415
T3 - 2004 Computing Frontiers Conference
SP - 335
EP - 342
BT - 2004 Computing Frontiers Conference
PB - Association for Computing Machinery
T2 - 2004 Computing Frontiers Conference
Y2 - 14 April 2004 through 16 April 2004
ER -