標題: | A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability |
作者: | Lee, Tz-Rung Chiu, Kwo-Cheng Chang, Da-Wei 資訊工程學系 Department of Computer Science |
關鍵字: | Buffer Overflow Attacks;Network Security;Self Reconfiguration;Failure-Oblivious Computing;Guard Pages |
公開日期: | 2009 |
摘要: | Buffer overflow has become a major source of network security vulnerability. Traditional schemes for detecting buffer overflow attacks usually terminate the attacked service, degrading the service availability. In this paper, we propose a lightweight buffer overflow protection mechanism that allows continued network service. The proposed mechanism allows a service program to reconfigure itself to identify and protect the vulnerable functions upon buffer overflow attacks. Protecting only the Vulnerable functions, instead of the whole program, keeps the runtime overhead small. Moreover, the mechanism adopts the idea Of failure-oblivious computing to allow service programs to execute through memory errors caused by the attacks once the Vulnerable functions have been identified, eliminating the need of restarting the service program upon further attacks to the vulnerable functions. We have applied the mechanism on five Internet servers. The experiment results show that the mechanism has little impact oil the runtime performance. |
URI: | http://hdl.handle.net/11536/15873 |
ISBN: | 978-3-642-03094-9 |
ISSN: | 0302-9743 |
期刊: | ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, PROCEEDINGS |
Volume: | 5574 |
起始頁: | 661 |
結束頁: | 672 |
Appears in Collections: | Conferences Paper |