Architecting security: a secure implementation of hardware buffer-overflow protection

  • Authors:
  • Krerk Piromsopa; Richard J. Enbody

  • Affiliations:
  • Department of Computer Engineering, Chulalongkorn University, Bangkok, Thailand; Department of Computer Science and Engineering, Michigan State University, MI

  • Venue:
  • ACST'07 Proceedings of the third conference on IASTED International Conference: Advances in Computer Science and Technology
  • Year:
  • 2007

Abstract

Piromsopa and Enbody [1] proposed Secure Bit, a mechanism to protect against buffer-overflow attacks on control data (return addresses and function pointers). This paper explores the architecture of Secure Bit: its implementation and its performance impact. We consider memory organization, cache organization, and processor modifications. Secure Bit provides a hardware bit and protocol to protect the integrity of addresses for the purpose of preventing buffer-overflow attacks. If an address is corrupted, an exception is raised. By changing only the semantics of the ISA, Secure Bit is transparent to user software. An important differentiating aspect is that once an address has been marked as insecure, there is no instruction to re-mark the address as secure. Our study shows that the implementation is straightforward. In particular, we find that cache organization is a critical component of the performance and success of Secure Bit.