HeapDefender: A Mechanism of Defending Embedded Systems against Heap Overflow via Hardware

Buffer overflow attacks have been causing serious security problems for decades. While numerous approaches have been proposed to prevent stack overflows, heap overflows remain a security threat and a frequent source of bugs. Embedded systems can be easily attacked by the heap overflow attacks. In this paper, based on analyzing the security of an embedded processor at instruction level, we propose a hardware defense mechanism, Heap Defender, which aims to detect heap buffer overflow attacks. Heap Defender, a module of hardware located the inside of the embedded processor, neither modifies the program nor destroys the pipeline integrity. The instructions parsed in parallel within the Heap Defender are synchronized with the CPU pipeline which makes the Heap Defender have little performance overhead. As demonstrated in an FPGA (Field Programmable Gate Array) prototyping, the experimental results show that Heap Defender can effectively detect heap buffer overflow attacks with around 15% hardware cost overhead and only 0.1% performance penalty.