Buffer overflow protection based on adjusting code segment limit

Author

Tan, Yu-An ; Zheng, Ji-Yan ; Cao, Yuan-Da ; Zhang, Xue-Lan

Author_Institution

Dept. of Comput. Sci. & Eng., Beijing Inst. of Technol., China

Volume

2

fYear

2005

fDate

12-14 Oct. 2005

Firstpage

947

Lastpage

950

Abstract

Stack smashing is a common mode of buffer overflow attack for hijacking system control. A segment-based non-executable stack approach is proposed and evaluated to defend against stack-based buffer overflow attacks under Windows operating system and Intel 32-bit CPUs. A kernel device driver is designed to relocate the application´s user-mode stack to the higher address and to modify the effective limit in the code segment descriptor, in order to exclude the relocated stack from the code segment. Once any code that attempts to execute the malicious code residing in the stack, a general-protection exception of exceeding the segment limit is triggered so the malicious code is terminated. It is highly effective in preventing both known and yet unknown stack smashing attacks, and its performance overhead is lower than the page-based non-executable stack approach.

Keywords

buffer storage; security of data; Intel; Windows operating system; code segment descriptor; code segment limit adjustment; general-protection exception; hijacking system control; kernel device driver; segment-based nonexecutable stack approach; stack smashing; stack-based buffer overflow attacks; user-mode stack; Buffer overflow; Computer science; Control systems; Kernel; Memory management; Operating systems; Process control; Protection; Runtime; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications and Information Technology, 2005. ISCIT 2005. IEEE International Symposium on

Print_ISBN

0-7803-9538-7

Type

conf

DOI

10.1109/ISCIT.2005.1567023

Filename

1567023