Zili Shao,Chun Jason Xue,Qingfeng Zhuge,Edwin H.‐M. Sha,Bin Xiao

DOI: https://doi.org/10.1109/itcc.2004.1286489

2004-01-01

Abstract:With more embedded systems networked, it becomes an important research problem to effectively defend embedded systems against buffer overflow attacks and efficiently check if systems have been protected. In this paper, we propose the HSDefender (hardware/software Defender) technique that considers the protection and checking together to solve this problem. Our basic idea is to design a secure instruction set and require third-party software developers to use secure instructions to call functions. Then the security checking can be easily performed by system integrators even without the knowledge of the source code. We first classify buffer overflow attacks into two categories, stack smashing attacks and function pointer attacks, and then provide two corresponding defending strategies. We analyze the HSDefender technique in respect of hardware cost, security, and performance, and experiment with it on the SimpleScalar/ARM simulator using benchmarks from MiBench. The results show that HSDefender can defend a system against more types of buffer overflow attacks with less overhead compared with the previous work.

Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Huan Ying,Yanmiao Zhang,Lifang Han,Yushi Cheng,Jiyuan Li,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ITNEC.2019.8729362

2019-01-01

Abstract:As a modern power transmission network, smart grid connects plenty of terminal devices. However, along with the growth of devices are the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it’s critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhance the terminal security, are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.

Zichen Zhou,Bo Yin,Renhao Fan,Tao Liu,Bin Xu,Xiang Wang

2011-01-01

Abstract:Most embedded systems present a number of software vulnerabilities, such as buffer overflow, while the physical attacks are becoming popular as well. This paper presents a series of novel architectural-enhanced security solutions. The automated compiler extracts the intrusion model for intrusion detection and secure tag of each main memory segment at the compile time automatically. At runtime, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior and trigger appropriate response mechanisms. The proposed schemes don't change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can eliminate a wide range of common software and physical attacks with low performance penalties and minimal overheads.

Zili Shao,Chun Xue,Qingfeng Zhuge,Edwin H. -M. Sha,Bin Xiao

DOI: https://doi.org/10.1109/ITCC.2005.140

2005-01-01

Abstract:Buffer overflow attacks cause serious security problems. Array & pointer bound checking is one of the most effective approaches for defending against buffer overflow attacks when source code is available. However, original array & pointer bound checking causes too much overhead since it is designed to catch memory errors and it puts too many checks. In this paper, we propose an efficient array & pointer bound checking strategy to defend against buffer overflow attacks. In our strategy, only the bounds of write operations are checked. We discuss the optimization strategy via hardware/software and conduct experiments. The experimental results show that our strategy can greatly reduce the overhead of array & pointer bound checking. Our conclusion is that based on our strategy, array & pointer bound checking can be a practical solution for defending systems against buffer overflow attacks with tolerable overhead.

Zhenliang An,Weike Wang,Wenxin Li,Senyang Li,Dexue Zhang

DOI: https://doi.org/10.3390/mi14081525

IF: 3.4

2023-07-30

Micromachines

Abstract:The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

HU Zhong-wang,LIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.07.003

2006-01-01

Abstract:It is difficult to protect the safety of modern computer systems by software method, hardware-based security technology is a new and important topic. The buffer overflow, harm to systems and intrusion mechanism are analyzed. The principle of NX(No eXecute bit) technology to prevent buffer overflow attack based on CPU hardware and implementation are explained. The works are beneficial to the research of CPU made in china.

Xiang Wang,Zhun Zhang,Qiang Hao,Dongdong Xu,Jiqing Wang,Haoyu Jia,Zhiyu Zhou

DOI: https://doi.org/10.3390/mi12121450

2021-11-26

Abstract:The hardware security of embedded systems is raising more and more concerns in numerous safety-critical applications, such as in the automotive, aerospace, avionic, and railway systems. Embedded systems are gaining popularity in these safety-sensitive sectors with high performance, low power, and great reliability, which are ideal control platforms for executing instruction operation and data processing. However, modern embedded systems are still exposing many potential hardware vulnerabilities to malicious attacks, including software-level and hardware-level attacks; these can cause program execution failure and confidential data leakage. For this reason, this paper presents a novel embedded system by integrating a hardware-assisted security monitoring unit (SMU), for achieving a reinforced system-on-chip (SoC) on ensuring program execution and data processing security. This architecture design was implemented and evaluated on a Xilinx Virtex-5 FPGA development board. Based on the evaluation of the SMU hardware implementation in terms of performance overhead, security capability, and resource consumption, the experimental results indicate that the SMU does not lead to a significant speed degradation to processor while executing different benchmarks, and its average performance overhead reduces to 2.18% on typical 8-KB I/D-Caches. Security capability evaluation confirms the monitoring effectiveness of SMU against both instruction and data tampering attacks. Meanwhile, the SoC satisfies a good balance between high-security and resource overhead.

Qiang Zeng,Mingyi Zhao,Peng Liu

DOI: https://doi.org/10.1109/dsn.2015.54

2015-06-01

Abstract:For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named HeapTherapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in realtime. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated HeapTherapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006); it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Wei Jiang

2002-01-01

Abstract:Buffer overflow attacking is a seriously problem in network security. The paper analyses deeply the principle and possible of buffer overflow attacking. At last propose the method to defense buffer overflow attacking in writing programmer.

Chang Liu,Yan-Jun Wu,Jing-Zheng Wu,Chen Zhao

DOI: https://doi.org/10.1186/s42400-023-00164-x

2023-01-01

Abstract:Buffer overflow poses a serious threat to the memory security of modern operating systems. It overwrites the contents of other memory areas by breaking through the buffer capacity limit, destroys the system execution environment, and provides implementation space for various system attacks such as program control flow hijacking. That makes it a wide range of harms. A variety of security technologies have been proposed to deal with system security problems including buffer overflow. For example, No eXecute (NX for short) is a memory management technology commonly used in Harvard architecture. It can refuse the execution of code which residing in a specific memory, and can effectively suppress the abnormal impact of buffer overflow on control flow. Therefore, in recent years, it has also been used in the field of system security, deriving a series of solutions based on NX technology, such as ExecShield, DEP, StackGuard, etc. However, these security solutions often rely too much on the processor architecture so that the protection coverage is insufficient and the accuracy is limited. Especially in the emerging system architecture field represented by RISC-V, there is still a lack of effective solutions for buffer overflow vulnerabilities. With the continuous rapid development of the system architecture, it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development. Therefore, we propose BOP, A new system memory security design method based on RISC-V extended instructions, to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RISC-V. According to this method, NX technology can be combined with program control flow analysis, and NX bit mechanism can be used to manage the executability of memory space, so as to achieve a more granular detection and defense of buffer overflow attacks that may occur in RISC-V system environment. In addition, The memory management and control function of BOP is not only very suitable for solving the security problems in the existing single architecture system, but also widely applicable to the combination of multiple heterogeneous systems.

Tai Yue,Fengwei Zhang,Zhenyu Ning,Pengfei Wang,Xu Zhou,Kai Lu,Lei Zhou

DOI: https://doi.org/10.1109/tifs.2024.3372816

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Many modern processors have embedded hardware tracing techniques (e.g., Intel Processor Trace or ARM CoreSight). While these techniques are widely used due to their transparency and low overhead, they also bring serious security threats. Attackers can utilize hardware tracing to trace the trusted applications from a non-secure application. Existing protection techniques fail to effectively protect the runtime information when hardware tracing is employed. To counter these threats, in this paper, we propose a novel direction called anti-hardware tracing. Our key idea is to exploit the limitations of hardware tracing: trace buffer overflow can cause trace data loss. We build a model to analyse the overflow and outline three principles for efficient triggering overflows and achieving anti-hardware tracing: numerous branches in the program, high-speed execution of the program, and the high-water mark of the trace buffer. We develop a framework called Armor on ARM Juno R2 to realize our approach. Armor protects software against the trace unit Embedded Trace Macrocell (ETM) in CoreSight by instrumenting protection and loop functions. The protection function detects runtime environments, efficiently fills the trace buffer, and employs various protection strategies like PID (process identifier) replacement and PIE+STRIP+ASLR. Meanwhile, the loop function triggers overflows efficiently based on context-based calculations and anti-ETM loop. Our evaluation demonstrates that the overhead of Armor is 77.31% lower than that of OLLVM [1] on SPEC2006. Armor effectively hides 54.51% of basic blocks across 16 real-world applications, triggering 113× more overflows. Moreover, we showcase two practical applications of Armor. Firstly, we conduct a cryptographic and cross-world attack on GnuPG 1.4.13 RSA private keys using ETM, which can steal entire keys from a program in the Secure world with a single run. Armor successfully reduces leaked bits by 84.5%. Secondly, Armor impedes hardware-assisted fuzzing by reducing throughput by 89.71% and branch coverage by 47.99%.

computer science, theory & methods,engineering, electrical & electronic

Christof Fetzer,Zhen Xiao

DOI: https://doi.org/10.1109/RELDIS.2001.969756

2001-01-01

Abstract:Buffer overflow attacks are a major cause of secu- rity breaches in modern operating systems. Not only are overflows of buffers on the stack a security threat, over- flows of buffers kept on the heap can be too. A mali- cious user might be able to hijack the control flow of a root-privileged program if the user can initiate an over- flow of a buffer on the heap when this overflow over- writes a function pointer stored on the heap. This paper presents a fault-containment wrapper which provides ef- fective and efficient protection against heap buffer over- flows caused by C library functions. The wrapper inter- cepts every function call to the C library that can write to the heap and performs careful boundary checks before it calls the original function. This method is transparent to existing programs and does not require source code modification or recompilation. Experimental results on Linux machines indicate that the performance overhead is small.

WANG Ye-jun,NI Xi-zhen,WEN Wei-ping,JIANG Jian-chun

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.10.033

2005-01-01

Abstract:The buffer overflow attacks have been the most common form in the network attacks and become a predominant problem in the system and network security area. After the principle of the buffer overflow attack is explained, this paper analyzes the causes leading to the attacks. Then the usual attack types the attackers often exploit are presented. Last, the common measures to defend these attacks and my own idea about the solution of this problem by modifying the compiler and the relevant functions of the system are given.

Xiaoguang Wang,Yong Qi,Chi Zhang,Saiyu Qi,Peijian Wang

DOI: https://doi.org/10.1109/COMPSAC.2017.206

2017-01-01

Abstract:Software memory disclosure attacks, such as buffer over-read, often work quietly and would cause secret data leakage. The well-known OpenSSL Heartbleed vulnerability leaked out millions of servers' private keys, which caused most of the Internet services insecure at that time. Existing solutions are either hard to apply to large code bases (e.g., through formal verification [20] or symbolic execution [8] on program code), or too heavyweight (e.g., by involving a hypervisor software [23], [24] or a modified operating system kernel [17]). In this paper, we propose SecretSafe, a lightweight and easy-to-use system which leverages the traditional x86 segmentation mechanism to isolate the application secrets from the remaining data. Software developers could prevent the secrets from being leaked out by simply declaring the secret variables with SECURE keyword. Our customized compiler will automatically separate the secrets from the remaining non-secret data with an isolated memory segment. Any legal instructions that have to access the secrets will be automatically instrumented to enable accesses to the isolated segment. We have implemented a SecretSafe prototype with the open source LLVM compiler framework. The evaluation shows that SecretSafe is both secure and efficient.

Miao Yu,Peijie Yu,Shang Gao,Qian Lin,Min Zhu,Zhengwei Qi

DOI: https://doi.org/10.1109/fcst.2009.45

2009-01-01

Abstract:Commodity operating systems are usually large and complex, leading host-based security tools often provide inadequate protection against malware because execution environment for software is untrusted. As a result, most software currently uses various ways to defend malware attacks. However, these approaches not only raise the complexity of the software but also fail to offer an engrained security solution. The focal point in the software protection battle is how to protect effectively versus how to conceal the protector from untrusted OSes. This paper describes a lightweight, transparent and flexible architecture framework called HBSP (Hypervisor Based Software Protector)for software protection. HBSP, which is based on hardware virtualization extension technology such as Intel VT, and by taking advantage of Memory-Hiding strategy, resides completely outside of the target OS environment. Our security analysis and the performance experiment results demonstrate that HBSP effectively protects applications running on unmodified Windows XP, while the total overhead is only 0.25% in average.

Minglei SHANG,Hao HUANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.12.014

2005-01-01

Abstract:The principle of buffer overflow and overflow string are analyzed.Then several typical real-time buffer overflow attacks detectionmethods are analyzed.At last, a real-time buffer overflow attack detection approach based on system calls is presented.This approach adds mandatoryaccess control to original system call function by the means of hijacking system calls.In the way of monitoring illegal system calls,it can detect andprevent various buffer overflow attacks of improving priviledge.