Hardware/software optimization for array & pointer boundary checking against buffer overflow attacks

Zili Shao, Jiannong Cao, Chun Chung Chan, Chun Xue, Edwin H M Sha

Research output: Journal article publication, Journal article, Academic research, peer-review

6 Citations (Scopus)

Abstract

Malicious intrusions by buffer overflow attacks cause serious security problems and pose serious threats for networks and distributed systems such as clusters, Grids and P2P systems. Array & pointer boundary checking is one of the most effective approaches for defending against buffer overflow attacks. However, a big performance overhead may occur after boundary checking is applied. Typically, it may cause 2-5 times slowdown [T.M. Austin, E.B. Scott, S.S. Gurindar, Efficient detection of all pointer and array access errors, in: Proceedings of the ACM SIGPLAN '94 Conference on Programming Language Design and Implementation, 1994, pp. 290-301; R.W.M. Jones, P.H.J. Kelly, Backwards-compatible bounds checking for arrays and pointers in C programs, in: The Third International Workshop on Automated and Algorithmic Debugging, 1997, pp. 13-26]. In this paper, we propose a hardware/software method to optimize the performance of array & pointer boundary checking by designing a special boundary checking instruction. The experimental results show that our method can effectively reduce the overhead of array & pointer boundary checking.

Original language: English
Pages (from-to): 1129-1136
Number of pages: 8
Journal: Journal of Parallel and Distributed Computing
Volume: 66
Issue number: 9
Publication status: Published - 1 Sept 2006

Keywords

  • Array & pointer boundary checking
  • Buffer overflow
  • Hardware/software optimization

ASJC Scopus subject areas

  • Computer Science Applications
  • Hardware and Architecture
  • Control and Systems Engineering
