{"title":"SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks","authors":"Takahiro Shinagawa","doi":"10.1109/SRDS.2006.43","DOIUrl":null,"url":null,"abstract":"This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%","PeriodicalId":164765,"journal":{"name":"2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDS.2006.43","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
