@inproceedings{4ff835353d88413fbaded80aff819672,
title = "Buffer overflow protection based on adjusting code segment limit",
abstract = "Stack smashing is a common mode of buffer overflow attack for hijacking system control. A segment-based non-executable stack approach is proposed and evaluated to defend against stack-based buffer overflow attacks under Windows operating system and Intel 32-bit CPUs. A kernel device driver is designed to relocate the application's user-mode stack to the higher address and to modify the effective limit in the code segment descriptor, in order to exclude the relocated stack from the code segment. Once any code that attempts to execute the malicious code residing in the stack, a general-protection exception of exceeding the segment limit is triggered so the malicious code will be terminated. It is highly effective in preventing both known and yet unknown stack smashing attacks, and its performance overhead is lower than the page-based non-executable stack approach.",
keywords = "Buffer Overflow, Kernel device driver, Memory management, Windows",
author = "Tan, {Yu An} and Zheng, {Ji Yan} and Cao, {Yuan Da} and Zhang, {Xue Lan}",
year = "2005",
doi = "10.1109/ISCIT.2005.1567023",
language = "English",
isbn = "0780395387",
series = "ISCIT 2005 - International Symposium on Communications and Information Technologies 2005, Proceedings",
pages = "916--919",
booktitle = "ISCIT 2005 - International Symposium on Communications and Information Technologies 2005, Proceedings",
note = "ISCIT 2005 - International Symposium on Communications and Information Technologies 2005 ; Conference date: 12-10-2005 Through 14-10-2005",
}