Stacklock with simple FSM

Dongkyun Ahn, Kyung Ho Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

With a wide spread of malicious software attacks, run-time stack has been drawing attention because it is one of the most vulnerable points in computer architecture. Conventional stack layout, in which local variables for user input and control ow data such as return address are saved close to each other, is often the root of the attack vulnerability. This paper proposes a simple ?nite state machine to track usage of stack frame locations at a ?ne granularity of 2-bytes. Such a ?ne grain protection is necessary to distinguish adjacent stack frame locations, which allows detecting abnormal memory operations even in real mode running of a boot loader. The proposed scheme guarantees 2-byte granularity for preventing malicious writes in the stack using small additional memory space for the ?nite state machine.1

Original languageEnglish
Title of host publicationProceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009
Pages46-51
Number of pages6
DOIs
Publication statusPublished - 2009 Nov 17
Externally publishedYes
Event2009 IEEE International Conference on Electro/Information Technology, EIT 2009 - Windsor, ON, Canada
Duration: 2009 Jun 72009 Jun 9

Other

Other2009 IEEE International Conference on Electro/Information Technology, EIT 2009
CountryCanada
CityWindsor, ON
Period09/6/709/6/9

Fingerprint

Data storage equipment
Loaders
Computer architecture
Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Signal Processing
  • Electrical and Electronic Engineering

Cite this

Ahn, D., & Lee, K. H. (2009). Stacklock with simple FSM. In Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009 (pp. 46-51). [5189582] https://doi.org/10.1109/EIT.2009.5189582

Stacklock with simple FSM. / Ahn, Dongkyun; Lee, Kyung Ho.

Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009. 2009. p. 46-51 5189582.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ahn, D & Lee, KH 2009, Stacklock with simple FSM. in Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009., 5189582, pp. 46-51, 2009 IEEE International Conference on Electro/Information Technology, EIT 2009, Windsor, ON, Canada, 09/6/7. https://doi.org/10.1109/EIT.2009.5189582
Ahn D, Lee KH. Stacklock with simple FSM. In Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009. 2009. p. 46-51. 5189582 https://doi.org/10.1109/EIT.2009.5189582
Ahn, Dongkyun ; Lee, Kyung Ho. / Stacklock with simple FSM. Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009. 2009. pp. 46-51
@inproceedings{f46eb8ad7c014231b89eadbe43345406,
title = "Stacklock with simple FSM",
abstract = "With a wide spread of malicious software attacks, run-time stack has been drawing attention because it is one of the most vulnerable points in computer architecture. Conventional stack layout, in which local variables for user input and control ow data such as return address are saved close to each other, is often the root of the attack vulnerability. This paper proposes a simple ?nite state machine to track usage of stack frame locations at a ?ne granularity of 2-bytes. Such a ?ne grain protection is necessary to distinguish adjacent stack frame locations, which allows detecting abnormal memory operations even in real mode running of a boot loader. The proposed scheme guarantees 2-byte granularity for preventing malicious writes in the stack using small additional memory space for the ?nite state machine.1",
author = "Dongkyun Ahn and Lee, {Kyung Ho}",
year = "2009",
month = "11",
day = "17",
doi = "10.1109/EIT.2009.5189582",
language = "English",
isbn = "9781424433551",
pages = "46--51",
booktitle = "Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009",

}

TY - GEN

T1 - Stacklock with simple FSM

AU - Ahn, Dongkyun

AU - Lee, Kyung Ho

PY - 2009/11/17

Y1 - 2009/11/17

N2 - With a wide spread of malicious software attacks, run-time stack has been drawing attention because it is one of the most vulnerable points in computer architecture. Conventional stack layout, in which local variables for user input and control ow data such as return address are saved close to each other, is often the root of the attack vulnerability. This paper proposes a simple ?nite state machine to track usage of stack frame locations at a ?ne granularity of 2-bytes. Such a ?ne grain protection is necessary to distinguish adjacent stack frame locations, which allows detecting abnormal memory operations even in real mode running of a boot loader. The proposed scheme guarantees 2-byte granularity for preventing malicious writes in the stack using small additional memory space for the ?nite state machine.1

AB - With a wide spread of malicious software attacks, run-time stack has been drawing attention because it is one of the most vulnerable points in computer architecture. Conventional stack layout, in which local variables for user input and control ow data such as return address are saved close to each other, is often the root of the attack vulnerability. This paper proposes a simple ?nite state machine to track usage of stack frame locations at a ?ne granularity of 2-bytes. Such a ?ne grain protection is necessary to distinguish adjacent stack frame locations, which allows detecting abnormal memory operations even in real mode running of a boot loader. The proposed scheme guarantees 2-byte granularity for preventing malicious writes in the stack using small additional memory space for the ?nite state machine.1

UR - http://www.scopus.com/inward/record.url?scp=70449370162&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70449370162&partnerID=8YFLogxK

U2 - 10.1109/EIT.2009.5189582

DO - 10.1109/EIT.2009.5189582

M3 - Conference contribution

SN - 9781424433551

SP - 46

EP - 51

BT - Proceedings of 2009 IEEE International Conference on Electro/Information Technology, EIT 2009

ER -