• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.9
• /
• pp.283-290
• /
• 2023

With the recent steady development of IoT technology, it is widely used in medical systems and smart TV watches. 66% of software development is developed through language C, which is vulnerable to memory attacks, and acts as a threat to IoT devices using language C. A stack-smashing overflow attack inserts a value larger than the user-defined buffer size, overwriting the area where the return address is stored, preventing the program from operating normally. IoT devices with low memory capacity are vulnerable to stack smashing overflow attacks. In addition, if the existing vaccine program is applied as it is, the IoT device will not operate normally. In order to defend against stack smashing overflow attacks on IoT devices, we used canaries among several detection methods to set conditions with random values, checksum, and DSLR (random storage locations), respectively. Two canaries were placed within the buffer, one in front of the return address, which is the end of the buffer, and the other was stored in a random location in-buffer. This makes it difficult for an attacker to guess the location of a canary stored in a fixed location by storing the canary in a random location because it is easy for an attacker to predict its location. After executing the detection program, after a stack smashing overflow attack occurs, if each condition is satisfied, the program is terminated. The set conditions were combined to create a number of eight cases and tested. Through this, it was found that it is more efficient to use a detection method using DSLR than a detection method using multiple conditions for IoT devices.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.