Enforcement of Architectural Safety Guards to Deter Malicious Code Attacks through Buffer Overflow Vulnerabilities

Abstract

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Slammer. In this paper, we propose a new architectural solution to detect and deter the buffer overflow exploit. The idea is that the buffer overflow attacks usually exhibit abnormal symptoms in the system. This kind of unusual behavior can be simply detected by checking the integrity of instruction and data references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the integrity rules are negligible. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed safety guards. By randomly corrupting stack and other data sections of a process’s address space during simulation, we create various buffer overflow scenarios, including both stack and heap smashing. Experimental data shows that enforcing two safety guards not only reduces the number of system failures substantially but it also circumvents virtually all forms of malicious code execution made by stack smashing or function pointer corruptions.KeywordsReturn AddressMalicious CodeBuffer OverflowData CorruptionBranch TargetThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.