Defeating buffer overflow attacks via virtualization

Buffer overflow defenses have been comprehensively studied for many years. Different from previous solutions, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. Generally, the working process of PHUKO can be divided into two stages. First, we utilize static binary analysis to identify the instructions offline which are the entries of vulnerable functions. Second, by combining virtual machine introspection and online patching, PHUKO instruments the protected running program on-the-fly with memory safety enforcement. The experiments show that our system can defend against realistic buffer overflow attacks effectively with a moderate performance overhead.