RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the 21st International Conference on Distributed Computing Systems
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Defeating Memory Corruption Attacks via Pointer Taintedness Detection
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Secure Bit: Transparent, Hardware Buffer-Overflow Protection
IEEE Transactions on Dependable and Secure Computing
StackGhost: Hardware facilitated stack protection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Pointguard™: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Piromsopa and Enbody [1] proposed Secure Bit, a mechanism to protect against buffer overflow attacks on control data (return addresses and function pointers). This paper explores the architecture of Secure Bit: its implementation and its performance impact. We consider memory organization, cache organization, and processor modifications. Secure Bit provides a hardware bit and protocol to protect the integrity of addresses for the purpose of preventing buffer-overflow attacks. If an address is corrupted, an exception is raised. By changing only the semantics of the ISA, Secure Bit is transparent to user software. An important differentiating aspect is that once an address has been marked as insecure, there is no instruction to re-mark the address as secure. Our study shows that the implementation is straightforward. In particular, we find that cache organization is a critical component to the performance and success of Secure Bit.