Defeating buffer overflow attacks via virtualization

Donghai Tian; Xi Xiong; Changzhen Hu; Peng Liu

doi:10.1016/j.compeleceng.2013.11.032

Defeating buffer overflow attacks via virtualization

Donghai Tian^*, Xi Xiong, Changzhen Hu, Peng Liu

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

8 Citations (Scopus)

Abstract

Buffer overflow defenses have been comprehensively studied for many years. Different from previous solutions, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. Generally, the working process of PHUKO can be divided into two stages. First, we utilize static binary analysis to identify the instructions offline which are the entries of vulnerable functions. Second, by combining virtual machine introspection and online patching, PHUKO instruments the protected running program on-the-fly with memory safety enforcement. The experiments show that our system can defend against realistic buffer overflow attacks effectively with a moderate performance overhead.

Original language	English
Pages (from-to)	1940-1950
Number of pages	11
Journal	Computers and Electrical Engineering
Volume	40
Issue number	6
DOIs	https://doi.org/10.1016/j.compeleceng.2013.11.032
Publication status	Published - Aug 2014

Access to Document

10.1016/j.compeleceng.2013.11.032

Cite this

@article{3514e87514634b1cac8cc04922592ce6,

title = "Defeating buffer overflow attacks via virtualization",

abstract = "Buffer overflow defenses have been comprehensively studied for many years. Different from previous solutions, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. Generally, the working process of PHUKO can be divided into two stages. First, we utilize static binary analysis to identify the instructions offline which are the entries of vulnerable functions. Second, by combining virtual machine introspection and online patching, PHUKO instruments the protected running program on-the-fly with memory safety enforcement. The experiments show that our system can defend against realistic buffer overflow attacks effectively with a moderate performance overhead.",

author = "Donghai Tian and Xi Xiong and Changzhen Hu and Peng Liu",

year = "2014",

month = aug,

doi = "10.1016/j.compeleceng.2013.11.032",

language = "English",

volume = "40",

pages = "1940--1950",

journal = "Computers and Electrical Engineering",

issn = "0045-7906",

publisher = "Elsevier Ltd.",

number = "6",

}

TY - JOUR

T1 - Defeating buffer overflow attacks via virtualization

AU - Tian, Donghai

AU - Xiong, Xi

AU - Hu, Changzhen

AU - Liu, Peng

PY - 2014/8

Y1 - 2014/8

N2 - Buffer overflow defenses have been comprehensively studied for many years. Different from previous solutions, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. Generally, the working process of PHUKO can be divided into two stages. First, we utilize static binary analysis to identify the instructions offline which are the entries of vulnerable functions. Second, by combining virtual machine introspection and online patching, PHUKO instruments the protected running program on-the-fly with memory safety enforcement. The experiments show that our system can defend against realistic buffer overflow attacks effectively with a moderate performance overhead.

AB - Buffer overflow defenses have been comprehensively studied for many years. Different from previous solutions, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. Generally, the working process of PHUKO can be divided into two stages. First, we utilize static binary analysis to identify the instructions offline which are the entries of vulnerable functions. Second, by combining virtual machine introspection and online patching, PHUKO instruments the protected running program on-the-fly with memory safety enforcement. The experiments show that our system can defend against realistic buffer overflow attacks effectively with a moderate performance overhead.

UR - http://www.scopus.com/inward/record.url?scp=84905996293&partnerID=8YFLogxK

U2 - 10.1016/j.compeleceng.2013.11.032

DO - 10.1016/j.compeleceng.2013.11.032

M3 - Article

AN - SCOPUS:84905996293

SN - 0045-7906

VL - 40

SP - 1940

EP - 1950

JO - Computers and Electrical Engineering

JF - Computers and Electrical Engineering

IS - 6

ER -

Defeating buffer overflow attacks via virtualization

Abstract

Access to Document

Other files and links

Fingerprint

Cite this