Repairing return address stack for buffer overflow protection

Yong Joon Park, Kyung Ho Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.

Original languageEnglish
Title of host publication2004 Computing Frontiers Conference
Pages335-342
Number of pages8
Publication statusPublished - 2004 Aug 30
Externally publishedYes
Event2004 Computing Frontiers Conference - Ischia, Italy
Duration: 2004 Apr 142004 Apr 16

Other

Other2004 Computing Frontiers Conference
CountryItaly
CityIschia
Period04/4/1404/4/16

Fingerprint

Microprocessor chips
Chemical activation

Keywords

  • Buffer overflow
  • Computer architecture
  • Computer security
  • Intrusion tolerance

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Park, Y. J., & Lee, K. H. (2004). Repairing return address stack for buffer overflow protection. In 2004 Computing Frontiers Conference (pp. 335-342)

Repairing return address stack for buffer overflow protection. / Park, Yong Joon; Lee, Kyung Ho.

2004 Computing Frontiers Conference. 2004. p. 335-342.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Park, YJ & Lee, KH 2004, Repairing return address stack for buffer overflow protection. in 2004 Computing Frontiers Conference. pp. 335-342, 2004 Computing Frontiers Conference, Ischia, Italy, 04/4/14.
Park YJ, Lee KH. Repairing return address stack for buffer overflow protection. In 2004 Computing Frontiers Conference. 2004. p. 335-342
Park, Yong Joon ; Lee, Kyung Ho. / Repairing return address stack for buffer overflow protection. 2004 Computing Frontiers Conference. 2004. pp. 335-342
@inproceedings{63e8ff3a66b24b0f9118e0cb6d64f14d,
title = "Repairing return address stack for buffer overflow protection",
abstract = "Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100{\%} accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.",
keywords = "Buffer overflow, Computer architecture, Computer security, Intrusion tolerance",
author = "Park, {Yong Joon} and Lee, {Kyung Ho}",
year = "2004",
month = "8",
day = "30",
language = "English",
isbn = "1581137419",
pages = "335--342",
booktitle = "2004 Computing Frontiers Conference",

}

TY - GEN

T1 - Repairing return address stack for buffer overflow protection

AU - Park, Yong Joon

AU - Lee, Kyung Ho

PY - 2004/8/30

Y1 - 2004/8/30

N2 - Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.

AB - Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.

KW - Buffer overflow

KW - Computer architecture

KW - Computer security

KW - Intrusion tolerance

UR - http://www.scopus.com/inward/record.url?scp=4143130038&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4143130038&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:4143130038

SN - 1581137419

SN - 9781581137415

SP - 335

EP - 342

BT - 2004 Computing Frontiers Conference

ER -

Access to Document