Implicit Buffer Overflow Protection Using Memory Segregation

Computing systems continue to be plagued by malicious corruption of instructions and data. Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes. Existing methods of protection against these attacks operate by detecting corruption after it has taken...

Full description

Saved in:
Bibliographic Details
Published in2011 Sixth International Conference on Availability, Reliability and Security pp. 175 - 182
Main Authors Roth, B. G., Spafford, E. H.
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.08.2011
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:Computing systems continue to be plagued by malicious corruption of instructions and data. Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes. Existing methods of protection against these attacks operate by detecting corruption after it has taken place or by ensuring that if corruption has taken place, it cannot be used to hijack a process' control flow. These methods thus still allow the corruption of control data to occur but, rather than being subverted, the process may terminate or take some other defined error. Few methods have attempted to prevent the corruption of control data, and those that have only focused on preventing the corruption of the return address. We propose the use of multiple memory segments to support multiple stacks, heaps, bss, and data sections per process with the goal of segregating control and non-control data. By segregating these different forms of data, we can prevent the corruption of control data by overflow and address manipulation of memory allocated for non-control data. We show that the creation of these additional data segments per process can be implemented through modifications to the compiler.
ISBN:1457709791
9781457709791
DOI:10.1109/ARES.2011.32