Hardware/software optimization for array & pointer boundary checking against buffer overflow attacks

  • Authors:

  • Zili Shao;Jiannong Cao;Keith C. C. Chan;Chun Xue;Edwin H.-M. Sha

  • Affiliations:

  • Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong;Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong;Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong;Department of Computer Science, University of Texas at Dallas, Richardson, Texas;Department of Computer Science, University of Texas at Dallas, Richardson, Texas

  • Venue:
  • Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Malicious intrusions by buffer overflow attacks cause serious security problems and pose serious threats for networks and distributed systems such as clusters, Grids and P2P systems. Array & pointer boundary checking is one of the most effective approaches for defending against buffer overflow attacks. However, a big performance overhead may occur after boundary checking is applied. Typically, it may cause 2-5 times slowdown [T.M. Austin, E.B. Scott, S.S. Gurindar, Efficient detection of all pointer and array access errors, in: Proceedings of the ACM SIGPLAN '94 Conference on Programming Language Design and Implementation, 1994, pp. 290-301; R.W.M. Jones, P.H.J. Kelly, Backwards-compatible bounds checking for arrays and pointers in c programs, in: The Third International Workshop on Automated and Algorithmic Debugging, 1997, pp. 13-26]. In this paper, we propose a hardware/software method to optimize the performance of array & pointer boundary checking by designing a special boundary checking instruction. The experimental results show that our method can effectively reduce the overhead of array & pointer boundary checking.