Integrating offline analysis and online protection to defeat buffer overflow attacks

Authors:
Donghai Tian;Xi Xiong;Changzhen Hu;Peng Liu
Affiliations:
Pennsylvania State University, University Park, PA and Beijing Institute of Technology, Beijing, China;Pennsylvania State University, University Park, PA;Beijing Institute of Technology, Beijing, China;Pennsylvania State University, University Park, PA
Venue:
ISC'10 Proceedings of the 13th international conference on Information security
Year:
2010

Citing 2
Cited 0

Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
SigFree: A Signature-Free Buffer Overflow Attack Blocker

IEEE Transactions on Dependable and Secure Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nowadays Buffer overflow attacks are still recognized as one of the most severe threats in software security. Previous solutions suffer from limitations in that: 1) Some methods based on compiler extensions have limited practicality because they need to access source code; 2) Other methods that need to modify some aspects of the operating system or hardware require much deployment effort; 3) Almost all methods are unable to deploy a runtime protection for programs that cannot afford to restart. In this paper, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. The experiments show that our system can defend against realistic buffer overflow attacks effectively with moderate performance overhead.