PARA'04 State-of-the-Art
in Scientific Computing
June 20-23, 2004

Updated: 5 March 2004

An Efficient Pointer Protection Scheme to Defend Buffer Overflow Attacks

Yongsu Park and Yookun Cho
Seoul National University, email: yspark@ssrnet.snu.ac.kr

In this paper, we present a new efficient pointer protection method to defend against buffer overflow attacks. It uses a simple watermark to protect the pointer: when the pointer variable is dereferenced, a watermark is also written/updated, and before the pointer variable is referenced, the scheme verifies the consistency of the watermark. If the pointer's watermark does not exist or was damaged, our scheme regards this as an intrusion and the process is stopped.

The proposed scheme has the following strong points. First, unlike other randomization schemes such as ASLR, StackGuard, and PointGuard, our scheme has no possibility of malfunction caused by the execution of arbitrary instructions. Second, we implemented our scheme and conducted various experiments, which showed that our scheme is as secure as the previous randomization schemes. Third, experimental results showed that the performance degradation is almost negligible. Fourth, unlike other randomization schemes, our scheme can support attack profiling.

Our scheme can be viewed as an approach to increase the trustworthiness, as well as to enhance the security, of the systems to be protected.
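The watermark check described in the abstract can be sketched as follows. This is an added example, not the authors' implementation: the fixed watermark value, its placement between the buffer and the pointer, the rule that the watermark is written whenever the pointer is stored, and all names (`record`, `ptr_store`, `ptr_call`, `run_with_input_len`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for illustration: a fixed watermark word. The abstract does not
   give the real value or memory layout. */
#define WATERMARK ((uintptr_t)0x5741544552ULL)

typedef int (*handler_fn)(int);

struct record {
    char name[16];      /* buffer an unchecked copy would overrun */
    uintptr_t mark;     /* watermark placed between buffer and pointer */
    handler_fn handler; /* the protected pointer */
};

/* Writing the pointer also writes its watermark. */
static void ptr_store(struct record *r, handler_fn fn) {
    r->handler = fn;
    r->mark = WATERMARK;
}

/* Verify the watermark before using the pointer. Returns 0 on success,
   -1 if the watermark is missing or damaged (the scheme would stop the
   process at this point). */
static int ptr_call(const struct record *r, int arg, int *out) {
    if (r->mark != WATERMARK) return -1;
    *out = r->handler(arg);
    return 0;
}

static int twice(int x) { return 2 * x; }

/* Constructed input: n bytes of 'A' copied over the record from offset 0,
   standing in for an unchecked copy into name. n > 16 spills into mark. */
int run_with_input_len(size_t n) {
    struct record r;
    char input[sizeof r];
    int out = 0;
    memset(&r, 0, sizeof r);
    ptr_store(&r, twice);
    if (n > sizeof r) n = sizeof r; /* keep the demo inside the struct */
    memset(input, 'A', sizeof input);
    memcpy((unsigned char *)&r, input, n);
    return ptr_call(&r, 21, &out) == 0 ? out : -1;
}

int main(void) {
    printf("in-bounds copy: %d\n", run_with_input_len(8));
    printf("overflowing copy: %d\n", run_with_input_len(sizeof(struct record)));
    return 0;
}
```

A copy that stays inside `name` leaves the watermark intact and the call proceeds; a contiguous overwrite has to pass through `mark` before it reaches `handler`, so the check fails before the damaged pointer is ever used.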
