Architecting Security: A Secure Implementation of Hardware Buffer-Overflow Protection

K. Piromsopa (Thailand) and R.J. Enbody (USA)


Computer Architecture, Buffer Overflow, Security


Piromsopa and Enbody [1] proposed Secure Bit, a mechanism to protect against buffer overflow attacks on control data (return-addresses and function-pointers). This paper explores the architecture of Secure Bit: its implementation and its performance impact. We consider memory organization, cache organization, and processor modifications. Secure Bit provides a hardware bit and protocol to protect the integrity of addresses for the purpose of preventing buffer-overflow attacks. If an address is corrupted, an exception is raised. By changing only the semantics of the ISA Secure Bit is transparent to user software. An important differentiating aspect is that once an address has been marked as insecure there is no instruction to remark the address as secure. Our study shows that the implementation is straightforward. In particular, we find that cache organization is a critical component to the performance and success of Secure Bit.

Important Links:

Go Back