Protection against Buffer Overflow Attacks via Dynamic Binary Translation

• Published in: Reliable and Autonomous Computational Science pp. 305 - 324
• Main Authors: Chen, Chun-Chung, Hung, Shih-Hao, Lee, Chen-Pang
• Format: Book Chapter
• Language: English
• Published: Basel Springer Basel 2010
• Series: Autonomic Systems
• Subjects: Benchmark Program; Malicious Code; Performance Degradation; Return Address; Virtual Machine
• ISBN: 9783034800303; 3034800304
• DOI: 10.1007/978-3-0348-0031-0_16

Buffer overflow attacks are serious security threats to modern computer systems. Prior works against buffer overflow attacks may require users to patch the source codes, rebuild programs, modify the operating system or the augments of hardware architecture, and thus often result in performance degradation or restricted applicability. This paper proposes to protect a system from buffer overflow attacks with a mechanism based on dynamic binary translation. Our mechanism is capable of recovering corrupted data structures on the stack at runtime by dynamically inserting codes to guard the return address and stack frame pointer, without modification of the source code. We have implemented two tools using dynamic binary translation tools, Pin and QEMU. Experimental results showed that both tools detected buffer overflow attacks in our benchmark programs accurately. With our QEMU-based tool, the performance degradation ranged from 11.2% to 41% for realistic applications, which was 11 times less than a compiler-based solution such as Read-Only RAR. The performance of our mechanism and its applicability on various platforms make it an effective and viable solution for end users.