| For decades, buffer-overflow attacks have remained the most persistent threat to the computer security world. The most common type of buffer-overflow attacks is an attack that changes the control flow by overflowing control data.; In this thesis, Secure Bit, architectural approach, is proposed to protect against buffer-overflow attacks on control data (return-address and function-pointer attacks in particular). Secure Bit provides a hardware bit to enforce the integrity of addresses from being modified by external data (input). Secure Bit is completely transparent to user software; providing full backward compatibility with legacy user code. It can detect and prevent all address-corrupting buffer-overflow attacks with little run-time performance penalty. Addresses passed in buffers between processes are marked insecure and control instructions using those addresses as targets will raise an exception. An important differentiating aspect of this protocol is that once an address has been marked as insecure there is no instruction to remark it as secure.; To validate Secure Bit, we first theoretically pursue a secure system with respect to buffer-overflow attacks and prove that Secure Bit provides a sufficient condition for preventing buffer-overflow attacks. Robustness and transparency are demonstrated by emulating the hardware, and booting Linux on the emulator, running application software on that Linux, and performing known attacks. In addition to the cost analysis and issues related to the success of Secure Bit, we also suggest possible attacks that may not be protected by Secure Bit.; In addition to the proposed Secure Bit, this thesis also provides a survey of current approaches against buffer-overflow attacks. Notably, approaches are conceptually grouped into three broad categories providing a platform for studying buffer-overflow protection schemes. |
