SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks

Leeds, United Kingdom October 02-October 04

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SRDS.2006.43

25th IEEE Symposium on Reliable Distr ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Takahiro Shinagawa

	ASCII Text	x
	Takahiro Shinagawa, "SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks," Reliable Distributed Systems, IEEE Symposium on, pp. 277-288, 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06), 2006.

	BibTex	x
	@article{ 10.1109/SRDS.2006.43, author = {Takahiro Shinagawa}, title = {SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks}, journal ={Reliable Distributed Systems, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1060-9857}, pages = {277-288}, doi = {http://doi.ieeecomputersociety.org/10.1109/SRDS.2006.43}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Reliable Distributed Systems, IEEE Symposium on TI - SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks SN - 1060-9857 SP277 EP288 A1 - Takahiro Shinagawa, PY - 2006 KW - null VL - 0 JA - Reliable Distributed Systems, IEEE Symposium on ER -

Takahiro Shinagawa, Tokyo University of Agriculture & Technology

This paper presents a strong and efficient scheme for protecting against buffer overflow attacks. The basic approach of this scheme is pointer copying: copies of code pointers are stored in a safe memory area to detect and prevent the manipulation of code pointers. In order to protect the copied code pointers from data-pointer modification attacks, this scheme exploits the segmentation hardware of IA- 32 (Intel x86) processors. This scheme provides as strong protection as write-protecting the memory area via system calls. On the other hand, this scheme involves a modest overhead because copying a code pointer requires only a few user-level instructions and there is no penalty of entering the kernel. The experimental results show that the performance overhead in OpenSSL ranges from 0.9% to 4.3%.

Citation:

Takahiro Shinagawa, "SegmentShield: Exploiting Segmentation Hardware for Protecting against Buffer Overflow Attacks," srds, pp.277-288, 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.