Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software

Zili Shao, Chun Xue, Qingfeng Zhuge, Meikang Qiu, Bin Xiao, Edwin H.M. Sha

Research output: Journal article publicationJournal articleAcademic researchpeer-review

96 Citations (Scopus)

Abstract

With more embedded systems networked, it becomes an important problem to effectively defend embedded systems against buffer overflow attacks. Due to the increasing complexity and strict requirements, off-the-shelf software components are widely used in embedded systems, especially for military and other critical applications. Therefore, in addition to effective protection, we also need to provide an approach for system integrators to efficiently check whether software components have been protected. In this paper, we propose the HSDefender (Hardware/Software Defender) technique to perform protection and checking together. Our basic idea is to design secure call instructions so systems can be secured and checking can be easily performed. In the paper, we classify buffer overflow attacks into two categories and provide two corresponding defending strategies. We analyze the HSDefender technique with respect to hardware cost, security, and performance. We experiment with our HSDefender technique on the SimpleScalar/ARM simulator with benchmarks from MiBench, an embedded benchmark suite. The results show that our HSDefender technique can defend a system against more types of buffer overflow attacks with less overhead compared with the previous work.
Original languageEnglish
Pages (from-to)443-453
Number of pages11
JournalIEEE Transactions on Computers
Volume55
Issue number4
DOIs
Publication statusPublished - 1 Apr 2006

Keywords

  • Buffer overflow attack
  • Embedded system
  • Hardware/software
  • Protection
  • Security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Software
  • Hardware and Architecture
  • Computational Theory and Mathematics

Fingerprint

Dive into the research topics of 'Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software'. Together they form a unique fingerprint.

Cite this