標題: A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
作者: Lee, Tz-Rung
Chiu, Kwo-Cheng
Chang, Da-Wei
資訊工程學系
Department of Computer Science
關鍵字: Buffer Overflow Attacks;Network Security;Self Reconfiguration;Failure-Oblivious Computing;Guard Pages
公開日期: 2009
摘要: Buffer overflow has become a major source of network security vulnerability. Traditional schemes for detecting buffer overflow attacks usually terminate the attacked service, degrading the service availability. In this paper, we propose a lightweight buffer overflow protection mechanism that allows continued network service. The proposed mechanism allows a service program to reconfigure itself to identify and protect the vulnerable functions upon buffer overflow attacks. Protecting only the Vulnerable functions, instead of the whole program, keeps the runtime overhead small. Moreover, the mechanism adopts the idea Of failure-oblivious computing to allow service programs to execute through memory errors caused by the attacks once the Vulnerable functions have been identified, eliminating the need of restarting the service program upon further attacks to the vulnerable functions. We have applied the mechanism on five Internet servers. The experiment results show that the mechanism has little impact oil the runtime performance.
URI: http://hdl.handle.net/11536/15873
ISBN: 978-3-642-03094-9
ISSN: 0302-9743
期刊: ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, PROCEEDINGS
Volume: 5574
起始頁: 661
結束頁: 672
Appears in Collections:Conferences Paper