Run-time support for detection of memory access violations to prevent buffer overflow exploits

Pramod Ramarao, Akhilesh Tyagi, Gyungho Lee

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Run-time memory access violations are one of the main causes of vulnerabilities in software systems. These violations occur since a run-time enforcement of some of the programming language semantics becomes excessively expensive. Violations of array bounds are reflected in a very common security exploit known as a buffer overflow exploit. We propose a hardware aided technique for bounds checking stack allocated data objects that reduces the overhead for bounds checking tremendously. Each stack access is verified to be within the stack frame as a hardware activity in parallel with rest of the load/store actions (and hence with no performance overhead). This allows the compiler to enforce the run time bounds only for pointer-based memory accesses in the static/global data and heap spaces. We profile the average number of pointer-based accesses into the stack region (about 40%) and the average number of stack allocated aggregate objects (about 33%) over eight benchmark programs. This reduces the complexity of the run-time checks by approximately 60%. We demonstrate through an instruction level architecture simulator, that the performance overhead of hardware stack bounds checking is very close to zero. We also implement a prototype compiler extension (based on the GNU C Compiler) for checking memory accesses only for global and static address spaces. The performance overhead of our dynamic bounds checking aided by hardware stack bounds check support is approximately 2x on the average over a mix of eight pointer intensive benchmark programs and SPEC 2000 benchmark programs (as opposed to the reported overhead of 30x without such hardware support). We also describe how the compiler technique can be extended to check heap addresses.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
EditorsColin Boyd, Wenbo Mao
PublisherSpringer Verlag
Pages366-380
Number of pages15
ISBN (Print)3540201769
DOIs
Publication statusPublished - 2003

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2851
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Run-time support for detection of memory access violations to prevent buffer overflow exploits'. Together they form a unique fingerprint.

  • Cite this

    Ramarao, P., Tyagi, A., & Lee, G. (2003). Run-time support for detection of memory access violations to prevent buffer overflow exploits. In C. Boyd, & W. Mao (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 366-380). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2851). Springer Verlag. https://doi.org/10.1007/10958513_28