CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Writing Secure Code
Ensuring code safety without runtime checks for real-time control systems
CASES '02 Proceedings of the 2002 international conference on Compilers, architecture, and synthesis for embedded systems
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Memory safety without runtime checks or garbage collection
Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Proceedings of the 12th ACM conference on Computer and communications security
Backwards-compatible array bounds checking for C with very low overhead
Proceedings of the 28th international conference on Software engineering
Extended Protection against Stack Smashing Attacks without Performance Loss
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Efficient protection against heap-based buffer overflows without resorting to magic
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Hello rootKitty: a lightweight invariance-enforcing framework
ISC'11 Proceedings of the 14th international conference on Information security
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
String oriented programming: when ASLR is not enough
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
| Hi-index | 0.00 |
In this paper, we examine the possibility of using virtualization to implement a countermeasure that protects against buffer overflow attacks. The countermeasure works by adding a few extra instructions to the architecture that are emulated by the hypervisor. After running performance benchmarks, a high overhead was observed. Our proof-of-concept software implementation illustrates that the proposed approach is feasible and that the hardware implementation confirms a negligible overhead.