Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software

Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software

With more embedded systems networked, it becomes an important problem to effectively defend embedded systems against buffer overflow attacks. Due to the increasing complexity and strict requirements, off-the-shelf software components are widely used in embedded systems, especially for military and o...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on computers Vol. 55; no. 4; pp. 443 - 453
Main Authors: Zili Shao, Xue, C., Zhuge, Q., Qiu, M., Bin Xiao, Sha, E.H.-M.
Format: Journal Article
Language:English
Published: New York IEEE 01-04-2006
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Benchmarks
Buffer memories
buffer overflow attack
Buffers
Computer information security
Computer programs
Computer simulation
Data security
embedded system
Embedded systems
Hardware
hardware/software
Object oriented programming
protection
Security
Software
Strategy
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With more embedded systems networked, it becomes an important problem to effectively defend embedded systems against buffer overflow attacks. Due to the increasing complexity and strict requirements, off-the-shelf software components are widely used in embedded systems, especially for military and other critical applications. Therefore, in addition to effective protection, we also need to provide an approach for system integrators to efficiently check whether software components have been protected. In this paper, we propose the HSDefender (Hardware/Software Defender) technique to perform protection and checking together. Our basic idea is to design secure call instructions so systems can be secured and checking can be easily performed. In the paper, we classify buffer overflow attacks into two categories and provide two corresponding defending strategies. We analyze the HSDefender technique with respect to hardware cost, security, and performance. We experiment with our HSDefender technique on the simplescalar/ARM simulator with benchmarks from MiBench, an embedded benchmark suite. The results show that our HSDefender technique can defend a system against more types of buffer overflow attacks with less overhead compared with the previous work.
Bibliography:ObjectType-Article-2
SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 23
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2006.59