A lightweight buffer overflow protection mechanism with failure-oblivious capability

Tz Rung Lee, Kwo Cheng Chiu, Da-Wei Chang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Buffer overflow has become a major source of network security vulnerability. Traditional schemes for detecting buffer overflow attacks usually terminate the attacked service, degrading the service availability. In this paper, we propose a lightweight buffer overflow protection mechanism that allows continued network service. The proposed mechanism allows a service program to reconfigure itself to identify and protect the vulnerable functions upon buffer overflow attacks. Protecting only the vulnerable functions, instead of the whole program, keeps the runtime overhead small. Moreover, the mechanism adopts the idea of failure-oblivious computing to allow service programs to execute through memory errors caused by the attacks once the vulnerable functions have been identified, eliminating the need of restarting the service program upon further attacks to the vulnerable functions. We have applied the mechanism on five Internet servers. The experiment results show that the mechanism has little impact on the runtime performance.

Original language: English
Title of host publication: Algorithms and Architectures for Parallel Processing - 9th International Conference, ICA3PP 2009, Proceedings
Pages: 661-672
Number of pages: 12
DOI: https://doi.org/10.1007/978-3-642-03095-6_62
Publication status: Published - 2009 Sep 21
Event: 9th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2009 - Taipei, Taiwan
Duration: 2009 Jun 8 to 2009 Jun 11

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5574 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 9th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2009
Country: Taiwan
City: Taipei
Period: 09-06-08 to 09-06-11

Fingerprint

Buffer Overflow
Attack
Network security
Servers
Network Security
Availability
Internet
Terminate
Vulnerability
Data storage equipment
Server
Computing
Experiments
Experiment

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Lee, T. R., Chiu, K. C., & Chang, D-W. (2009). A lightweight buffer overflow protection mechanism with failure-oblivious capability. In Algorithms and Architectures for Parallel Processing - 9th International Conference, ICA3PP 2009, Proceedings (pp. 661-672). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5574 LNCS). https://doi.org/10.1007/978-3-642-03095-6_62
@inproceedings{63354f6a9db64ad5a452d46b4deeb796,
title = "A lightweight buffer overflow protection mechanism with failure-oblivious capability",
author = "Lee, {Tz Rung} and Chiu, {Kwo Cheng} and Da-Wei Chang",
year = "2009",
month = "9",
day = "21",
doi = "10.1007/978-3-642-03095-6_62",
language = "English",
isbn = "3642030947",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "661--672",
booktitle = "Algorithms and Architectures for Parallel Processing - 9th International Conference, ICA3PP 2009, Proceedings",

}

TY - GEN

T1 - A lightweight buffer overflow protection mechanism with failure-oblivious capability

AU - Lee, Tz Rung

AU - Chiu, Kwo Cheng

AU - Chang, Da-Wei

PY - 2009/9/21

Y1 - 2009/9/21

UR - http://www.scopus.com/inward/record.url?scp=70349098862&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70349098862&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-03095-6_62

DO - 10.1007/978-3-642-03095-6_62

M3 - Conference contribution

SN - 3642030947

SN - 9783642030949

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 661

EP - 672

BT - Algorithms and Architectures for Parallel Processing - 9th International Conference, ICA3PP 2009, Proceedings

ER -
