Repairing return address stack for buffer overflow protection

Yong Joon Park; Gyungho Lee

doi:10.1145/977091.977139

Repairing return address stack for buffer overflow protection

Yong Joon Park, Gyungho Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.

Original language	English
Title of host publication	2004 Computing Frontiers Conference
Publisher	Association for Computing Machinery
Pages	335-342
Number of pages	8
ISBN (Print)	1581137419, 9781581137415
DOIs	https://doi.org/10.1145/977091.977139
Publication status	Published - 2004
Externally published	Yes
Event	2004 Computing Frontiers Conference - Ischia, Italy Duration: 2004 Apr 14 → 2004 Apr 16

Publication series

Name	2004 Computing Frontiers Conference

Other

Other	2004 Computing Frontiers Conference
Country	Italy
City	Ischia
Period	04/4/14 → 04/4/16

Keywords

Buffer overflow
Computer architecture
Computer security
Intrusion tolerance

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1145/977091.977139

Fingerprint Dive into the research topics of 'Repairing return address stack for buffer overflow protection'. Together they form a unique fingerprint.

Cite this

@inproceedings{63e8ff3a66b24b0f9118e0cb6d64f14d,

title = "Repairing return address stack for buffer overflow protection",

abstract = "Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.",

keywords = "Buffer overflow, Computer architecture, Computer security, Intrusion tolerance",

author = "Park, {Yong Joon} and Gyungho Lee",

year = "2004",

doi = "10.1145/977091.977139",

language = "English",

isbn = "1581137419",

series = "2004 Computing Frontiers Conference",

publisher = "Association for Computing Machinery",

pages = "335--342",

booktitle = "2004 Computing Frontiers Conference",

note = "2004 Computing Frontiers Conference ; Conference date: 14-04-2004 Through 16-04-2004",

}

TY - GEN

T1 - Repairing return address stack for buffer overflow protection

AU - Park, Yong Joon

AU - Lee, Gyungho

PY - 2004

Y1 - 2004

N2 - Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.

AB - Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.

KW - Buffer overflow

KW - Computer architecture

KW - Computer security

KW - Intrusion tolerance

UR - http://www.scopus.com/inward/record.url?scp=4143130038&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4143130038&partnerID=8YFLogxK

U2 - 10.1145/977091.977139

DO - 10.1145/977091.977139

M3 - Conference contribution

AN - SCOPUS:4143130038

SN - 1581137419

SN - 9781581137415

T3 - 2004 Computing Frontiers Conference

SP - 335

EP - 342

BT - 2004 Computing Frontiers Conference

PB - Association for Computing Machinery

T2 - 2004 Computing Frontiers Conference

Y2 - 14 April 2004 through 16 April 2004

ER -