Title :
The implementation of Secure Canary Word for buffer-overflow protection
Author :
Chiamwongpaet, Sirisara ; Piromsopa, Krerk
Author_Institution :
Dept. of Comput. Eng., Chulalongkorn Univ., Bangkok, Thailand
Abstract :
Chiamwongpaet and Piromsopa introduced secure canary word, an extension of secure bit, as an architectural approach to the protection against buffer-overflow attacks on non-control data (variables and arguments). Secure canary word is based on two existing schemes, secure bit and canary word. The objective of this paper is to propose a new hardware implementation in order to improve the efficiency of secure canary word. To evaluate this design, the hardware simulation is conducted using BOCHS emulator running Linux (Red Hat 6.2) with GCC compiler. Like the prior work, the results confirm that secure canary word can detect buffer-overflow attacks on non-control data. Furthermore, performance is significantly better than the original implementation. This suggests that secure canary word can prevent buffer-overflow attacks on non-control data without any serious performance degradation or storage requirement.
Keywords :
buffer storage; security of data; BOCHS emulator; GCC compiler; Linux; Red Hat 6.2; buffer-overflow attack detection; buffer-overflow protection; hardware simulation; noncontrol data; secure bit; secure canary word; storage requirement; Buffer storage; Computer worms; Data engineering; Degradation; Hardware; Indexing; Linux; Protection; Secure storage; Writing;
Conference_Titel :
Electro/Information Technology, 2009. eit '09. IEEE International Conference on
Conference_Location :
Windsor, ON
Print_ISBN :
978-1-4244-3354-4
Electronic_ISBN :
978-1-4244-3355-1
DOI :
10.1109/EIT.2009.5189584
