Stack-based buffer overflows in Harvard class embedded systems

Abstract

Many embedded devices used to control critical infrastructure assets are based on the Harvard architecture. This architecture separates data and program memory into independent address spaces, unlike the von Neumann architecture, which uses a single address space for data and program code. Buffer overflow attacks in desktop and server platforms based on the von Neumann model have been studied extensively. However, buffer overflows in Harvard architectures have only just begun to receive attention. This paper demonstrates that stack-based buffer overflow vulnerabilities exist in embedded devices based on the Harvard architecture and that the vulnerabilities are easily exploited. The paper shows how the reversal in the direction of stack growth simplifies attacks by providing easier access to critical execution controls. Also, the paper examines defense techniques used in server and desktop systems and discusses their applicability to Harvard class machines. © IFIP International Federation for Information Processing 2009.