A lightweight buffer overflow protection mechanism with failure-oblivious capability

Tz Rung Lee, Kwo Cheng Chiu, Da Wei Chang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Buffer overflow has become a major source of network security vulnerability. Traditional schemes for detecting buffer overflow attacks usually terminate the attacked service, degrading the service availability. In this paper, we propose a lightweight buffer overflow protection mechanism that allows continued network service. The proposed mechanism allows a service program to reconfigure itself to identify and protect the vulnerable functions upon buffer overflow attacks. Protecting only the vulnerable functions, instead of the whole program, keeps the runtime overhead small. Moreover, the mechanism adopts the idea of failure-oblivious computing to allow service programs to execute through memory errors caused by the attacks once the vulnerable functions have been identified, eliminating the need of restarting the service program upon further attacks to the vulnerable functions. We have applied the mechanism on five Internet servers. The experiment results show that the mechanism has little impact on the runtime performance.

Original languageEnglish
Title of host publicationAlgorithms and Architectures for Parallel Processing - 9th International Conference, ICA3PP 2009, Proceedings
Pages661-672
Number of pages12
DOIs
Publication statusPublished - 2009 Sep 21
Event9th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2009 - Taipei, Taiwan
Duration: 2009 Jun 82009 Jun 11

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5574 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other9th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2009
CountryTaiwan
CityTaipei
Period09-06-0809-06-11

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A lightweight buffer overflow protection mechanism with failure-oblivious capability'. Together they form a unique fingerprint.

  • Cite this

    Lee, T. R., Chiu, K. C., & Chang, D. W. (2009). A lightweight buffer overflow protection mechanism with failure-oblivious capability. In Algorithms and Architectures for Parallel Processing - 9th International Conference, ICA3PP 2009, Proceedings (pp. 661-672). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5574 LNCS). https://doi.org/10.1007/978-3-642-03095-6_62