|
SmashGuard:
A Hardware Solution to Prevent
Security Attacks on the Function Return Address
SmashGuard is a hardware-based solution developed by the SmashGuard
Group at Purdue University to prevent Buffer-Overflow Attacks realized
by overwriting the Function Return Address. At each function call,
SmashGuard keeps a copy of the function Return Address written to
the program stack in a LIFO buffer on the CPU - the Hardware Stack.
When a function returns to its caller (finishes), the Return Addresses
in the hardware stack is compared with the Return Address on the
program stack. A mismatch signals tampering with the Return Address
in the program stack - a sign of a Buffer Overflow attack. In that
case, a hardware exception is raised and the process is terminated
before the control is redirected to the modified return addresss.
The
design of SmashGuard is a kernel patch that supports CPUs modified
to support SmashGuard protection. For performance evaluation against
Stackguard, we ported StackGuard to Alpha architecture to perform
simulations on Simplescalar v.3.0, an Alpha CPU simulator widely
used by computer architecture research community. For details
please follow the links below:
|
|