A processor architecture defense against buffer overflow attacks

Proceedings, ITRE 2003 - International Conference on Information Technology: Research and Education

Volumn , Issue , 2003, Pages 243-250

  McGregor, John P ^a   Karig, David K ^a   Shi, Zhijie ^a   Lee, Ruby B ^a  

^a Princeton University   (United States)

Author keywords

Buffer overflow; Computer security; Network security; Processor architecture; Return address corruption

Indexed keywords

EID: 50249180640     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ITRE.2003.1270612     Document Type: Conference Paper

References (25)

1. th USENIX Security Symposium, June 2000.
2. Bulba and Kil3r, "Bypassing StackGuard and StackShield," Phrack Magazine, vol. 10, issue 56, May 2000.
3. D. Burger and T. M. Austin, "The SimpleScalar Tool Set, Version 2.0," University of Wisconsin-Madison Computer Sciences Department Technical Report, no. 1342, June 1997.
4. CERT Coordination Center, http://www.cert.org/, Nov. 2001.
5. Compaq Computer Corporation, Alpha 21164 Microprocessor: Hardware Reference Manual, December 1998.
6. Compaq Computer Corporation, Alpha 21264 Microprocessor Hardware Reference Manual, July 1999.
7. th USENIX Security Symposium, Jan. 1998.
8. th USENIX Security Symposium, August 2001.
9. L. Hornof and T. Jim, "Certifying Compilation and Run-time Code Generation," Proceedings of the ACM Conference on Partial Evaluation and Semantics-Based Program Manipulation, January 1999.
10. K. J. Houle, G. M. Weaver, N. Long, and R. Thomas, "Trends in Denial of Service Attack Technology," CERT Coordination Center, October 2001.
11. Intel Corporation, The IA-32 Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference, Intel Corporation, 2001.
12. D. R. Kaeli and P. G. Emma, "Branch History Table Prediction of Moving Target Branches Due to Subroutine Returns," Proc. of the International Symposium on Computer Architecture, pp. 34-41, May 1991.
13. klog, "The Frame Pointer Overwrite," Phrack Magazine, vol. 9, no. 55, Sept. 1999.
14. R. B. Lee, "Precision Architecture," IEEE Computer, vol. 22, no. 1, pp. 78-91, January 1989.
15. R. B. Lee, D. K. Karig, J. P. McGregor, and Z. Shi, "Enlisting Hardware Architecture to Thwart Malicious Code Injection," Proceedings of the International Conference on Security in Pervasive Computing, 2003.
16. J. McCarthy, "Take Two Aspirin, and Patch That System - Now," SecurityWatch, August 31, 2001.
17. S. Sair and M. Charney, "Memory Behavior of the SPEC2000 Benchmark Suite," IBM T. J. Watson Technical Report RC-21852, Oct. 2000.
18. The SANS Institute, "The SANS/FBI Twenty Most Critical Internet Security Vulnerabilities," Available at http://www.sans.org/top20/, October 2002.
19. st International Symposium on Microarchitecture, Nov. 1998.
20. SPARC International, Inc., The SPARC Architecture Manual, 1992.
21. The Standard Performance Evaluation Corporation, http://www.spec.org/, Nov. 2001.
22. J. Viega, J. T. Bloch, T. Kohno, and G. McGraw, "ITS4: A Static Vulnerability Scanner for C and C++ Code," Proc. of the 2000 Annual Computer Security Applications Conference (ACSAC 2000), Dec. 2000.
23. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis," Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 156-169, 2001.
24. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken, "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities," Network and Distributed System Security Symposium, Feb. 2000.
25. C. F. Webb, "Subroutine Call/Return Stack," IBM Technical Disclosure Bulletin, 30(11), April 1988.