可变记录表:缓解缓冲区溢出攻击的运行时解决方案

2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS) Pub Date : 2019-08-01 DOI:10.1109/MWSCAS.2019.8884869

Love Kumar Sah, S. A. Islam, S. Katkoori

{"title":"可变记录表:缓解缓冲区溢出攻击的运行时解决方案","authors":"Love Kumar Sah, S. A. Islam, S. Katkoori","doi":"10.1109/MWSCAS.2019.8884869","DOIUrl":null,"url":null,"abstract":"We present a novel approach to mitigate buffer overflow attack using Variable Record Table (VRT). Dedicated memory space is used to automatically record base and bound information of variables extracted during runtime. We instrument frame pointer and function(s) related registers to decode variable memory space in stack and heap. We have modified Simplescalar/PISA simulator to extract variables space of six (6) benchmark suites from MiBench. We have tested 290 small C programs (MIT corpus suite) having 22 different buffer overflow vulnerabilities in stack and heap. Experimental results show that our approach can detect buffer overflow attack with zero instruction overhead with the memory space requirement up to 13Kb to maintain VRT for a program with 324 variables.","PeriodicalId":287815,"journal":{"name":"2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS)","volume":"51 3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Variable Record Table: A Run-time Solution for Mitigating Buffer Overflow Attack\",\"authors\":\"Love Kumar Sah, S. A. Islam, S. Katkoori\",\"doi\":\"10.1109/MWSCAS.2019.8884869\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a novel approach to mitigate buffer overflow attack using Variable Record Table (VRT). Dedicated memory space is used to automatically record base and bound information of variables extracted during runtime. We instrument frame pointer and function(s) related registers to decode variable memory space in stack and heap. We have modified Simplescalar/PISA simulator to extract variables space of six (6) benchmark suites from MiBench. We have tested 290 small C programs (MIT corpus suite) having 22 different buffer overflow vulnerabilities in stack and heap. Experimental results show that our approach can detect buffer overflow attack with zero instruction overhead with the memory space requirement up to 13Kb to maintain VRT for a program with 324 variables.\",\"PeriodicalId\":287815,\"journal\":{\"name\":\"2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS)\",\"volume\":\"51 3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MWSCAS.2019.8884869\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MWSCAS.2019.8884869","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

提出了一种利用可变记录表(VRT)来缓解缓冲区溢出攻击的新方法。使用专用内存空间自动记录运行时提取的变量的基信息和绑定信息。我们使用帧指针和函数相关寄存器来解码堆栈和堆中的可变内存空间。我们修改了Simplescalar/PISA模拟器，以从MiBench中提取六(6)个基准套件的变量空间。我们已经测试了290个小型C程序(MIT语料库套件)，它们在堆栈和堆中有22个不同的缓冲区溢出漏洞。实验结果表明，我们的方法可以在零指令开销的情况下检测缓冲区溢出攻击，对于一个324个变量的程序，维持VRT的内存空间需求高达13Kb。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Variable Record Table: A Run-time Solution for Mitigating Buffer Overflow Attack

We present a novel approach to mitigate buffer overflow attack using Variable Record Table (VRT). Dedicated memory space is used to automatically record base and bound information of variables extracted during runtime. We instrument frame pointer and function(s) related registers to decode variable memory space in stack and heap. We have modified Simplescalar/PISA simulator to extract variables space of six (6) benchmark suites from MiBench. We have tested 290 small C programs (MIT corpus suite) having 22 different buffer overflow vulnerabilities in stack and heap. Experimental results show that our approach can detect buffer overflow attack with zero instruction overhead with the memory space requirement up to 13Kb to maintain VRT for a program with 324 variables.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS)

自引率

0.00%

发文量