The implementation of Secure Canary Word for buffer-overflow protection

Author

Chiamwongpaet, Sirisara ; Piromsopa, Krerk

Author_Institution

Dept. of Comput. Eng., Chulalongkorn Univ., Bangkok, Thailand

fYear

2009

fDate

7-9 June 2009

Firstpage

56

Lastpage

61

Abstract

Chiamwongpaet and Piromsopa introduced secure canary word, an extension of secure bit, as an architectural approach to the protection against buffer-overflow attacks on non-control data (variables and arguments). Secure canary word is based on two existing schemes, secure bit and canary word. The objective of this paper is to propose a new hardware implementation in order to improve the efficiency of secure canary word. To evaluate this design, the hardware simulation is conducted using BOCHS emulator running Linux (Red Hat 6.2) with GCC compiler. Like the prior work, the results confirm that secure canary word can detect buffer-overflow attacks on non-control data. Furthermore, performance is significantly better than the original implementation. This suggests that secure canary word can prevent buffer-overflow attacks on non-control data without any serious performance degradation or storage requirement.

Keywords

buffer storage; security of data; BOCHS emulator; GCC compiler; Linux; Red Hat 6.2; buffer-overflow attack detection; buffer-overflow protection; hardware simulation; noncontrol data; secure bit; secure canary word; storage requirement; Buffer storage; Computer worms; Data engineering; Degradation; Hardware; Indexing; Linux; Protection; Secure storage; Writing;

fLanguage

English

Publisher

ieee

Conference_Titel

Electro/Information Technology, 2009. eit '09. IEEE International Conference on

Conference_Location

Windsor, ON

Print_ISBN

978-1-4244-3354-4

Electronic_ISBN

978-1-4244-3355-1

Type

conf

DOI

10.1109/EIT.2009.5189584

Filename

5189584