| With a wide range of embedded systems applications,the security of embedded systems become more and more important. As the most common software vulnerabilities,buffer overflow poses a serious threat to embedded systems security. To improve the ability of defense buffer overflow attacks,building a hardware defense mechanism based on fine granularity instruction flow monitor in the embedded processor architecture.From comparing the existing detection technology and research the instruction-level behavior of buffer overflow attacks,building a hardware defense mechanism based on fine granularity instruction flow monitor in the embedded processor architecture. Monitoring unit interception the instruction stream in the data path of the cache and the pipeline,through virtual implement the instruction,extracting monitoring information something like buffer boundary address in instruction stream. Based on these information,make the attack code accepts the buffer boundary check,stack boundary check,return address check and jump instruction check,intercept attacks on the key nodes of buffer overflow attacks,enhance system dynamic security. From the simulation and FPGA verification,monitoring unit can effectively defense buffer overflow attacks. Evaluate the design by ISE, monitoring unit have only 15% hardware overhead and 0.1% performance overhead.The main characteristic of this thesis is through building virtual execution unit to obtain monitoring information,neither modify the program or destroy the pipeline integrity. The instructions was synchronization in the pipeline and the virtual execution unit,have little performance effect by hiding the processing time,our protection mechanism could be used to prevent buffer overflow attacks in other embedded systems. |
PDF Full Text Request