ECTI TRANSACTIONS ON COMPUTER INFORMATION TECHNOLOGYVolume 14, No. 02, Month NOVEMBER, Year 2020, Pages 162 - 173
Boundary bit: architectural bound checking for buer-over ow protection
Sirisara Chiamwongpaet, Krerk Piromsopa
Abstract Download PDFWe propose Boundary Bit, a new architectural bound-checking approach that detects and prevents buffer overflow attacks. Boundary Bit extends an architecture by associating a bit to each memory entry. Software can set a (boundary) bit to delimit an object. On each memory access, the hardware will dynamically validate the object"es bound using the boundary bit. With minimal hints from the compiler, our architectural design eliminates most (if not all) types of buffer-overflow attacks. These include attacks on non-control data (variables and arguments) and array-indexing errors. We evaluate the performance of Boundary Bit using simulation, and the results show that the majority of performance overheads lies in bit scanning operations. To mitigate performance overheads, we introduce a hardware bitmap to act as a cache. The results from our simulation shows that the hardware bitmap can absorb most overhead from bit scanning, which in the best-case scenario translated to 30 times speed up compared to the version that does not utilize bitmap cache.
Buer over ow, Invasive software, Se- curity kernels, Security and protection, System ar- chitectures, Unauthorized access