Implicit Buffer Overflow Protection Using Memory Segregation
Computing systems continue to be plagued by malicious corruption of instructions and data. Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes. Existing methods of protection against these attacks operate by detecting corruption after it has taken...
Saved in:
Published in | 2011 Sixth International Conference on Availability, Reliability and Security pp. 175 - 182 |
---|---|
Main Authors | , |
Format | Conference Proceeding |
Language | English |
Published |
IEEE
01.08.2011
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Computing systems continue to be plagued by malicious corruption of instructions and data. Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes. Existing methods of protection against these attacks operate by detecting corruption after it has taken place or by ensuring that if corruption has taken place, it cannot be used to hijack a process' control flow. These methods thus still allow the corruption of control data to occur but, rather than being subverted, the process may terminate or take some other defined error. Few methods have attempted to prevent the corruption of control data, and those that have only focused on preventing the corruption of the return address. We propose the use of multiple memory segments to support multiple stacks, heaps, bss, and data sections per process with the goal of segregating control and non-control data. By segregating these different forms of data, we can prevent the corruption of control data by overflow and address manipulation of memory allocated for non-control data. We show that the creation of these additional data segments per process can be implemented through modifications to the compiler. |
---|---|
ISBN: | 1457709791 9781457709791 |
DOI: | 10.1109/ARES.2011.32 |