Site Navigation

Implicit Buffer Overflow Protection Using Memory Segregation

Page Content

Get BibTex-formatted data

Author

Brent G. Roth and Eugene H. Spafford

Tech report number

CERIAS TR 2011-23

Entry type

inproceedings

Abstract

Computing systems continue to be plagued by malicious corruption of instructions and data. Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes. Existing methods of protection against these attacks operate by detecting corruption after it has taken place or by ensuring that if corruption has taken place, it cannot be used to hijack a process' control flow. These methods thus still allow the corruption of control data to occur but rather than being subverted, the process may terminate or take some other defined error. Few methods have attempted to prevent the corruption of control data, and those that have only focused on preventing the corruption of the return address. We propose the use of multiple memory segments to support multiple stacks, heaps, .bss, and .data sections per process with the goal of segregating control and non-control data. By segregating these different forms of data, we can prevent the corruption of control data by overflow and address manipulation of memory allocated for non-control data. We show that the creation of these additional data segments per process can be implemented through modifications to the compiler.

Download

PDF

Date

2011 – 8 – 24

Booktitle

Proceedings of ARES 2011

Key alpha

Roth

Affiliation

Purdue University CERIAS

Publication Date

2011-08-24

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Inproceedings{ Roth,
	title = "Implicit Buffer Overflow Protection Using Memory Segregation",
	author = "Brent G. Roth and Eugene H. Spafford",
	year = "2011",
	month = "8",
	booktitle = "Proceedings of ARES 2011",
	day = "24",
	abstract = "Computing systems continue to be plagued by malicious corruption of instructions and data.  Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes.
Existing methods of protection against these attacks operate by detecting corruption after it has taken place or by ensuring that if corruption has taken place, it cannot be used to hijack a process' control flow.
These methods thus still allow the corruption of control data to occur but rather than being subverted, the process may terminate or take some other defined error.
Few methods have attempted to prevent the corruption of control data, and those that have only focused on preventing the corruption of the return address.

We propose the use of multiple memory segments to support multiple stacks, heaps, .bss, and .data sections per process with the goal of segregating control and non-control data.
By segregating these different forms of data, we can prevent the corruption of control data by overflow and address manipulation of memory allocated for non-control data.
We show that the creation of these additional data segments per process can be implemented through modifications to the compiler.",
	affiliation = "Purdue University CERIAS",
}

Current News

Blog

Footer

RSS Feeds

Combined XML Feed News XML Feed Events XML Feed Weblogs XML Feed Security Seminar Podcast Twitter: @cerias, @ceriasarchive, #cerias

CERIAS, Purdue University / Recitation Building / 656 Oval Drive / West Lafayette IN 47907-2086
phone (765)494-7841 / fax (765)496-3181

Copyright © 2013, Purdue University, all rights reserved. Purdue University is an equal access/equal opportunity university.
If you have trouble accessing this page because of a disability, please contact the CERIAS webmaster at webmaster@cerias.purdue.edu. Some content on this site may require the use of a special plug-in or application. Please visit our plug-ins page for links to download these applications.
Privacy Policy

Intranet Site