Title :
Buffer Overflow Attacks Defending Using A Segment-based Approach
Author :
Yang, Wei-Zhi ; Tan, Yu-An
Author_Institution :
Coll. of Inf. Sci. & Eng., Northeastern Univ., Shenyang
Abstract :
A segment-based non-executable stack approach is proposed and evaluated to defend against stack-based buffer overflow attacks under Windows NT/2000/2003/XP and Intel 32-bit CPUs. A kernel device driver is designed to relocate the application's user-mode stack to a higher address and to modify the effective limit in the code segment descriptor, in order to exclude the relocated stack from the code segment. Once any code attempts to execute malicious code residing in the stack, a general-protection exception for exceeding the segment limit is triggered, so the malicious code is terminated. The approach is highly effective in preventing both known and as yet unknown stack smashing attacks, and its performance overhead is lower than that of the page-based non-executable stack approach.
Keywords :
buffer storage; operating system kernels; security of data; Intel 32-bit CPU; Windows 2000; Windows 2003; Windows NT; Windows XP; code segment descriptor; general-protection exception; kernel device driver; malicious code; segment-based nonexecutable stack approach; stack smashing attacks; stack-based buffer overflow attacks; Application software; Buffer overflow; Computer science; Computer security; Computer worms; Educational institutions; Information science; Information security; Kernel; Protection;
Conference_Title :
Computational Intelligence and Security, 2006 International Conference on
Conference_Location :
Guangzhou
Print_ISBN :
1-4244-0605-6
Electronic_ISBN :
1-4244-0605-6
DOI :
10.1109/ICCIAS.2006.295323