By Topic

Secure Bit: Transparent, Hardware Buffer-Overflow Protection

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Piromsopa, K. ; Dept. of Comput. Sci. & Eng., Michigan State Univ. ; Enbody, R.J.

We propose a minimalist, architectural approach, Secure Bit (patent pending), to protect against buffer overflow attacks on control data (return-address and function-pointer attacks in particular). Secure Bit provides a hardware bit to protect the integrity of addresses for the purpose of preventing such buffer-overflow attacks. Secure Bit is transparent to user software: it provides backward compatibility with legacy user code. It can detect and prevent all address-corrupting buffer-overflow attacks with little runtime performance penalty. Addresses passed in buffers between processes are marked insecure, and control instructions using those addresses as targets will raise an exception. An important differentiating aspect of our protocol is that, once an address has been marked as insecure, there is no instruction to remark it as secure. Robustness and transparency are demonstrated by emulating the hardware, booting Linux on the emulator, running application software on that Linux, and performing known attacks

Published in:

Dependable and Secure Computing, IEEE Transactions on  (Volume:3 ,  Issue: 4 )