ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Repairing return address stack for buffer overflow protection
Full text PdfPdf (198 KB)
Source Conference On Computing Frontiers archive
Proceedings of the 1st conference on Computing frontiers table of contents
Ischia, Italy
SESSION: Applications table of contents
Pages: 335 - 342  
Year of Publication: 2004
ISBN:1-58113-741-9
Authors
Yong-Joon Park  University of Illinois at Chicago, IL
Gyungho Lee  University of Illinois at Chicago, IL
Sponsors
ACM: Association for Computing Machinery
SIGMICRO: ACM Special Interest Group on Microarchitectural Research and Processing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 19,   Downloads (12 Months): 112,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/977091.977139
What is a DOI?

ABSTRACT

Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism against buffer overflow attacks. As buffer overflow attack leads to a compromised return address, our approach is to provide a software transparent micro-architectural support for return address integrity checking. By keeping an uncompromised copy of the return address separate from the activation record in run-time stack, the return address compromised by a buffer overflow attack can be detected at run time. Since extra copies of return addresses are already found in the return address stack (RAS) for return address prediction in most high-performance microprocessors, this paper considers augmenting the RAS in speculative superscalar processors for return address integrity checking. The new mechanism provides 100% accurate return address prediction as well as integrity checking for return addresses. Hence, it enhances system performance in addition to preventing a buffer overflow attack.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Aleph One. Smashing the stack for fun and profit, Phrack Magazine, 7(49): File 14, 1996.
 
2
Arash Baratloo, Navjot Singh, and Timothy Tsai. Transparent run-time defense against stack smashing attacks. Proceedings of the USNIX Annual Technical Conference, June 2000.
 
3
Bulba and Kil3r. Bypassing StackGuard & Stackshield. Pharck magazine vol. 11 Issue 56.
 
4
Po-Ying Chang , Eric Hao , Yale N. Patt, Alternative implementations of hybrid branch predictors, Proceedings of the 28th annual international symposium on Microarchitecture, p.252-257, November 29-December 01, 1995, Ann Arbor, Michigan, United States
 
5
RAD: A Compile-Time Solution to Buffer Overflow Attacks, Proceedings of the The 21st International Conference on Distributed Computing Systems, p.409, April 16-19, 2001
 
6
Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Peat Bake, Steve Beattie, Aron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic Detection and prevention of Buffer-Overflow Attacks. Proceeding of the 7th USENIX security symposium, 1998.
 
7
Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Peat Bakke, Steve Beattie, and Jonathan Walpole. Buffer Overflows: Attacks and defense for the vulnerability of the Decade. DARPA Information survivability Conference and Expo DISCEX, 1999.
 
8
Roman Danyliw and Allen Householder. CERT Advisory CA-2001-19: Code Red Worm Exploiting Buffer Overflow IN IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, Jul. 2001.
 
9
Solar Designer. Non-Executable user stack. http://www.openwall.com/
 
10
Compaq Computer Corporation. Alpha 21264/EV6 Microprocessor Hard-ware Reference Manual. Sept. 2000.
 
11
DilDog. The Tao of Windows Buffer Overflow. http://www.cultdeadcow.com/cDc_files/cDc-351/
 
12
Chad Dougherty, Jeffrey Havrilla, Shawn Hernan, and Marty Lindner. CERT Advisory CA-2003-20 W32/Blaster worm. http://www.cert.org/advisories/CA-2003-20.html
 
13
Mark W. Eichin and Jon A.Rochlis. With microscope and tweezers: An analysis of the Internet virus of November 1988. Proceeding of the IEEE Symposium on Research in Security and Privacy, 1989.
 
14
James E. Smith , Andrew R. Pleszkun, Implementing Precise Interrupts in Pipelined Processors, IEEE Transactions on Computers, v.37 n.5, p.562-573, May 1988  [doi>10.1109/12.4607]
 
15
Blaise Gassend , G. Edward Suh , Dwaine Clarke , Marten van Dijk , Srinivas Devadas, Caches and Hash Trees for Efficient Memory Integrity Verification, Proceedings of the 9th International Symposium on High-Performance Computer Architecture, p.295, February 08-12, 2003
 
16
R.W.M. Jones and P.H.J. Kelly. Backward-compatible bounds checking for arrays and pointers in C programs. Proceedings of the 3rd International Workshop on Automated Debugging, 1997.
 
17
John L. Hennessy , David A. Patterson, Computer architecture (2nd ed.): a quantitative approach, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1996
 
18
ICAT Metabase A CVE Based Vulnerability Database, http://www.icat.nist.gov/icat.cfm
 
19
Intel Corporation. IA-32 Intel Architecture Software Developer's Manual. 2003.
 
20
Klog. Frame pointer overwrite. Pharack magazine vol.9. Isuue 55.
 
21
David Lie, Chandramohan Thekkath, Mark Mitchell, and Patrick Lincoln. Architectural Supports for Copy and Tamper Resistant Software. APOLS-IX 2000 Cambridge, Massachusetts. 2000.
 
22
Ralph Merkle. Protocols for public key cryptography. IEEE Symposium on Security and privacy. Page 122--134, 1980.
 
23
Kevin Skadron , Pritpal S. Ahuja , Margaret Martonosi , Douglas W. Clark, Improving prediction for procedure returns with return-address-stack repair mechanisms, Proceedings of the 31st annual ACM/IEEE international symposium on Microarchitecture, p.259-271, November 1998, Dallas, Texas, United States
 
24
A. Tyagi, and G. Lee. Encoded program counter: Self Protection from Buffer Overflow Attacks. Proceedings of International conference on Internet Computing (IC'2000), June 2000.
 
25
Changwoo Pyo , Gyungho Lee, Encoding Function Pointers and Memory Arrangement Checking against Buffer Overflow Attack, Proceedings of the 4th International Conference on Information and Communications Security, p.25-36, December 09-12, 2002
 
26
R. Rivest. RFC1321: The MD-5 message-Digest Algorithm, 1992.

CITED BY
Dong Ye , David Kaeli, A reliable return address stack: microarchitectural features to defeat stack smashing, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Invasive software (e.g., viruses, worms, Trojan horses)

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Security


Keywords:
buffer overflow, computer architecture, computer security, intrusion tolerance

Collaborative Colleagues:
Yong-Joon Park: colleagues
Gyungho Lee: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player