Title :
Buffer overflow protection based on adjusting code segment limit
Author :
Tan, Yu-An ; Zheng, Ji-Yan ; Cao, Yuan-Da ; Zhang, Xue-Lan
Author_Institution :
Dept. of Comput. Sci. & Eng., Beijing Inst. of Technol., China
Abstract :
Stack smashing is a common mode of buffer overflow attack for hijacking system control. A segment-based non-executable stack approach is proposed and evaluated to defend against stack-based buffer overflow attacks under Windows operating system and Intel 32-bit CPUs. A kernel device driver is designed to relocate the application´s user-mode stack to the higher address and to modify the effective limit in the code segment descriptor, in order to exclude the relocated stack from the code segment. Once any code that attempts to execute the malicious code residing in the stack, a general-protection exception of exceeding the segment limit is triggered so the malicious code is terminated. It is highly effective in preventing both known and yet unknown stack smashing attacks, and its performance overhead is lower than the page-based non-executable stack approach.
Keywords :
buffer storage; security of data; Intel; Windows operating system; code segment descriptor; code segment limit adjustment; general-protection exception; hijacking system control; kernel device driver; segment-based nonexecutable stack approach; stack smashing; stack-based buffer overflow attacks; user-mode stack; Buffer overflow; Computer science; Control systems; Kernel; Memory management; Operating systems; Process control; Protection; Runtime; Security;
Conference_Titel :
Communications and Information Technology, 2005. ISCIT 2005. IEEE International Symposium on
Print_ISBN :
0-7803-9538-7
DOI :
10.1109/ISCIT.2005.1567023
