DocumentCode :
2933050
Title :
SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks
Author :
Shinagawa, Takahiro
Author_Institution :
Div. of Syst. Inf. Sci., Tokyo Univ. of Agric. & Technol.
fYear :
2006
fDate :
2-4 Oct. 2006
Firstpage :
277
Lastpage :
288
Abstract :
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%.
Keywords :
buffer storage; security of data; SegmentShield; buffer overflow attack; data-pointer modification attack; pointer copying; Agriculture; Buffer overflow; Cryptography; Hardware; Information science; Kernel; Linux; Protection; Runtime; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Reliable Distributed Systems, 2006. SRDS '06. 25th IEEE Symposium on
Conference_Location :
Leeds
ISSN :
1060-9857
Print_ISBN :
0-7695-2677-2
Type :
conf
DOI :
10.1109/SRDS.2006.43
Filename :
4032489