Defending embedded systems against buffer overflow via hardware/software

Zili Shao, Qingfeng Zhuge, Yi He, Edwin H.M. Sha

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

38 Citations (Scopus)

Abstract

Buffer over-flow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. We propose the hardware/software address protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack smashing attacks and function pointer attacks) and then provide two corresponding defending strategies. In our technique, hardware boundary check method and function pointer XOR method are used to protect a system against stack smashing attacks and function pointer attacks, respectively. Although the focus of the HSAP technique is on embedded systems because of the availability of hardware support, we show that the HSAP technique is applied to any type of processors to defend against buffer overflow attacks. We use four classes of processors to illustrate that the applicability of our technique is independent of architectures. We experiment with our HSAP technique in ARM Evaluator-7T simulation development environments. The results show that our HSAP technique defends a system against more types of buffer overflow attacks with little overhead.
Original languageEnglish
Title of host publicationProceedings - 19th Annual Computer Security Applications Conference, ACSAC 2003
PublisherIEEE Computer Society
Pages352-361
Number of pages10
Volume2003-January
ISBN (Electronic)0769520413
DOIs
Publication statusPublished - 1 Jan 2003
Externally publishedYes
Event19th Annual Computer Security Applications Conference, ACSAC 2003 - Las Vegas, United States
Duration: 8 Dec 200312 Dec 2003

Conference

Conference19th Annual Computer Security Applications Conference, ACSAC 2003
CountryUnited States
CityLas Vegas
Period8/12/0312/12/03

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this