Stack protection in packet processing systems

Author

Peng Wu ; Wolf, Tilman

Author_Institution

Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA

fYear

2014

fDate

3-6 Feb. 2014

Firstpage

53

Lastpage

57

Abstract

Network security is a critical aspect of Internet operations. Most network security research has focused on protecting end-systems from hacking and denial-of-service attacks. In our work, we address hacking attacks on the network infrastructure itself. In particular, we explore data plane stack smashing attacks that have demonstrated successfully on network processor systems. We explore their use in the context of software routers that are implemented on top of general-purpose processor and operating systems. We discuss how such attacks can be adapted to these router systems and how stack protection mechanisms can be used as defense. We show experimental results that demonstrate the effectiveness of these stack protection mechanisms.

Keywords

Internet; computer crime; computer network security; general purpose computers; operating systems (computers); packet switching; telecommunication network routing; Internet; computer network security; denial of service attacks; end systems protection; general purpose processor; hacking attacks; network infrastructure; network processor systems; operating systems; packet processing system; router systems; smashing attacks; software routers; stack protection mechanism; Computer architecture; Information security; Linux; Operating systems; Protocols; attack; defense; network security; stack smashing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computing, Networking and Communications (ICNC), 2014 International Conference on

Conference_Location

Honolulu, HI

Type

conf

DOI

10.1109/ICCNC.2014.6785304

Filename

6785304