SegmentShield:利用分段硬件来防止缓冲区溢出攻击

2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06) Pub Date : 2006-10-02 DOI:10.1109/SRDS.2006.43

Takahiro Shinagawa

{"title":"SegmentShield:利用分段硬件来防止缓冲区溢出攻击","authors":"Takahiro Shinagawa","doi":"10.1109/SRDS.2006.43","DOIUrl":null,"url":null,"abstract":"This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%","PeriodicalId":164765,"journal":{"name":"2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks\",\"authors\":\"Takahiro Shinagawa\",\"doi\":\"10.1109/SRDS.2006.43\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%\",\"PeriodicalId\":164765,\"journal\":{\"name\":\"2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-10-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SRDS.2006.43\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDS.2006.43","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

本文提出了一种强大而有效的防止缓冲区溢出攻击的方案。该方案的基本方法是指针复制:将代码指针的副本存储在安全的内存区域中，以检测和防止代码指针的操作。为了保护复制的代码指针不受数据指针修改攻击，该方案利用了IA-32 (Intel x86)处理器的分段硬件。该方案提供了与通过系统调用对内存区域进行写保护一样强的保护。另一方面，这种方案涉及到适度的开销，因为复制代码指针只需要几个用户级指令，并且没有进入内核的代价。实验结果表明，OpenSSL的性能开销在0.9%到4.3%之间

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks

This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA-32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06)

自引率

0.00%

发文量

期刊最新文献

Performance evaluation of a fair fault-tolerant mutual exclusion algorithm Fault-tolerant and scalable TCP splice and web server architecture Improvements and Reconsideration of Distributed Snapshot Protocols Improving DBMS Performance through Diverse Redundancy AVCast : New Approaches For Implementing Availability-Dependent Reliability for Multicast Receivers