• DocumentCode
    434545
  • Title

    Efficient array & pointer bound checking against buffer overflow attacks via hardware/software

  • Author

    Shao, Zili ; Xue, Chun ; Zhuge, Qingfeng ; Sha, Edwin H M ; Xiao, Bin

  • Author_Institution
    Dept. of Comput. Sci., Texas Univ., Dallas, TX, USA
  • Volume
    1
  • fYear
    2005
  • fDate
    4-6 April 2005
  • Firstpage
    780
  • Abstract
    Buffer overflow attacks cause serious security problems. Array & pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However; original array & pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array & pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array & pointer bound checking. Our conclusion is that based on our strategy, array & pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable overhead.
  • Keywords
    buffer storage; optimising compilers; security of data; array bound checking; buffer overflow attack; pointer bound checking; write operation; Buffer overflow; Computer bugs; Computer science; Computer security; Computer worms; Hardware; Optimization methods; Protection; Read-write memory; Runtime;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
  • Print_ISBN
    0-7695-2315-3
  • Type

    conf

  • DOI
    10.1109/ITCC.2005.140
  • Filename
    1428559
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=434545