• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.10
• /
• pp.4794-4800
• /
• 2012

Many researches have been performed to resist buffer overflow attacks. However, the attack still poses one of the most important issue in system security field. It is because programmers are using library functions containing security hole and once buffer overflow vulnerability has been found, the security patches are distributed after the attacks are widely spreaded. In this paper, we propose a new cache level return address stack architecture for resisting buffer overflow attack. We implemented our hardware onto SimpleScalar simulator and verified its functionality. Our circuit can overcome the various disadvantages of previous works with small overhead.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.1
• /
• pp.53-59
• /
• 2008

In spite of increasing complexity of wireless sensor network applications, most of the sensor node platforms still have severe resource constraints. Especially a small amount of memory and absence of a memory management unit (MMU) cause many problems in managing application thread stacks. Hence, a shared-stack was proposed, which allows several threads to share one single stack for minimizing the amount of memory wasted by fixed-size stacks. In this paper, we present the memory usage models for thread stacks by deriving the overflow probability of the fixed-size stack and the shared-stack and also show that the shared-stack is more reliable than the fixed-size stack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.772-775
• /
• 2004

After Morris' Internet Worm in 1988, the stack buffer overflow hacking became generally known to hackers and it has been used to attack systems and servers very frequently. Recently, many researches tried to prevent it, and several solutions were developed such as Libsafe and StackGuard; however, these solutions have a few problems. In this paper we present a new stack buffer overflow attack prevention technique that uses the system call monitoring mechanism and memory address where the system call is made.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.9
• /
• pp.283-290
• /
• 2023

With the recent steady development of IoT technology, it is widely used in medical systems and smart TV watches. 66% of software development is developed through language C, which is vulnerable to memory attacks, and acts as a threat to IoT devices using language C. A stack-smashing overflow attack inserts a value larger than the user-defined buffer size, overwriting the area where the return address is stored, preventing the program from operating normally. IoT devices with low memory capacity are vulnerable to stack smashing overflow attacks. In addition, if the existing vaccine program is applied as it is, the IoT device will not operate normally. In order to defend against stack smashing overflow attacks on IoT devices, we used canaries among several detection methods to set conditions with random values, checksum, and DSLR (random storage locations), respectively. Two canaries were placed within the buffer, one in front of the return address, which is the end of the buffer, and the other was stored in a random location in-buffer. This makes it difficult for an attacker to guess the location of a canary stored in a fixed location by storing the canary in a random location because it is easy for an attacker to predict its location. After executing the detection program, after a stack smashing overflow attack occurs, if each condition is satisfied, the program is terminated. The set conditions were combined to create a number of eight cases and tested. Through this, it was found that it is more efficient to use a detection method using DSLR than a detection method using multiple conditions for IoT devices.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.207-212
• /
• 2021

A buffer overflow attack is carried out to subvert privileged program functions to gain control of the program and thus control the host. Buffer overflow attacks should be prevented by risk managers by eradicating and detecting them before the software is utilized. While calculating the size, correct variables should be chosen by risk managers in situations where fixed-length buffers are being used to avoid placing excess data that leads to the creation of an overflow. Metamorphism can also be used as it is capable of protecting data by attaining a reasonable resistance level [1]. In addition, risk management teams should ensure they access the latest updates for their application server products that support the internet infrastructure and the recent bug reports [2]. Scanners that can detect buffer overflows' flaws in their custom web applications and server products should be used by risk management teams to scan their websites. This paper presents an experiment of buffer overflow vulnerability and attack. The aims to study of a buffer overflow mechanism, types, and countermeasures. In addition, to comprehend the current detection plus prevention approaches that can be executed to prevent future attacks or mitigate the impacts of similar attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.11a
• /
• pp.866-869
• /
• 2020

소프트웨어 개발 환경이 빠르게 변화함에 따라 시스템의 복잡성이 증가하고 있다. 이에 따라 크고 작은 소프트웨어의 버그를 피할 수 없게 되며 이를 효율적으로 처리하기 위해 Bug report 를 사용한다. 하지만, Bug report 에서 개발자가 해당 Bug report 의 우선순위를 결정하는 과정은 노력과 비용 그리고 시간을 많이 소모하게 만든다. 따라서, 본 논문에서는 Bug report 내의 Stack trace 를 기반으로 Bug 의 우선순위를 자동적으로 추천하는 기법을 제안한다. 이를 위해 본 연구에서는 첫 번째로 Bug report 로부터 Stack trace 를 추출하였으며 Stack trace 의 3 가지 요소(Exception, Reason 그리고 Stack frame)에 TF-IDF, Word2Vec 그리고 Stack overflow 를 사용하여 특징 벡터를 정의하였다. 그리고 Bug 의 우선순위 추천 모델을 생성하기 위해 4 가지의 Classification 알고리즘을(Random Forest, Decision Tree, XGBoost, SVM)을 적용하였다. 평가에서는 266,292 개의 JDK library 의 Bug report 데이터를 수집하였고 그중 Stack trace 를 가진 Bug report 로부터 68%의 정확도를 산출하였다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.7 no.6
• /
• pp.703-714
• /
• 2001

In C language, a local buffer overflow in stack can destroy control information stored near the buffer. In case the buffer overflow is used maliciously to overwrite the stored return address, the system is exposed to serious security vulnerabilities. This paper analyzes the process of buffer overflow hacking and methodologies to avoid the attacks in details. And it proposes a device of static buffer overflow detection by using function summary and tracking information flow of buffer domain at assembly source code level(SASS, Static Assembly Source code Scanner) and then show the feasibility and validity of it by implementing a prototype in Pentium based Linux environment.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.323-330
• /
• 2005

Buffer overflow is one of the most prevalent and critical internet security vulnerabilities. Recently, various methods to prevent buffer overflow attacks have been investigated, but they are still difficult to apply to real applications due to their run-time overhead. This paper suggests an efficient rewrite method to prevent buffer-overflow attacks only with lower costs by generating a redundant copy of the return address in stack frame and comparing return address to copied return address. Not to be overwritten by the attack data the new copy will have the lower address number than local buffers have. In addition, for a safer execution environment, every vulnerable function call is transformed during the rewriting procedure.

• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.1-11
• /
• 2001

There are several traditional factors of software quality. Some of them are such as correctness, reliability, efficiency, compatibility, portability, etc. In addition to them, security is required as another factor of software quality nowadays because some application programs are used as a way to attack information systems by stack frame manipulation. Each processor has its own peculiar stack frame mechanism and C language uses the characteristics of them. This paper explains the concept of security problem caused by stack frame manipulation, and the stack frame mechanism of Pentium, Alpha and SP ARC processor in detail. And then it examines the effect of stack frame mechanism on the security of programs in C language.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.