Krerk Piromsopa and Richard J. Enbody
March, 2005
We propose a new, minimalist architectural approach, SecureBit2, to protect against buffer-overflow attacks on control data (return-address and function-pointer attacks in particular). Secure Bit is a concept that provides a hardware bit to protect the integrity of addresses for the purpose of preventing buffer-overflow attacks. SecureBit2 is our second implementation of a protocol to manage the Secure Bit. SecureBit2 is completely transparent to software and is 100% backward compatible with legacy code. Unlike several methods that only reduce the probability of a successful attack, SecureBit2 can detect and prevent all address-corrupting buffer-overflow attacks. It has little run-time performance penalty (almost none). The goal of SecureBit2 is to provide hardware support to protect against current and future generations of buffer-overflow attacks by protecting the integrity of addresses: addresses passed in buffers between processes are invalid. Included is our formalization that validates the mechanism of SecureBit2. Robustness and transparency are demonstrated by emulating the hardware, booting Linux on the emulator, running application software on that Linux, and performing known attacks.
You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format.