Run-time support for detection of memory access violations to prevent buffer overflow exploits

Abstract

Run-time memory access violations are one of the main causes of vulnerabilities in software systems. These violations occur since a run-time enforcement of some of the programming language semantics becomes excessively expensive. Violations of array bounds are reflected in a very common security exploit known as a buffer overflow exploit. We propose a hardware aided technique for bounds checking stack allocated data objects that reduces the overhead for bounds checking tremendously. Each stack access is verified to be within the stack frame as a hardware activity in parallel with rest of the load/store actions (and hence with no performance overhead). This allows the compiler to enforce the run time bounds only for pointer-based memory accesses in the static/global data and heap spaces. We profile the average number of pointer-based accesses into the stack region (about 40%) and the average number of stack allocated aggregate objects (about 33%) over eight benchmark programs. This reduces the complexity of the run-time checks by approximately 60%. We demonstrate through an instruction level architecture simulator, that the performance overhead of hardware stack bounds checking is very close to zero. We also implement a prototype compiler extension (based on the GNU C Compiler) for checking memory accesses only for global and static address spaces. The performance overhead of our dynamic bounds checking aided by hardware stack bounds check support is approximately 2x on the average over a mix of eight pointer intensive benchmark programs and SPEC 2000 benchmark programs (as opposed to the reported overhead of 30x without such hardware support). We also describe how the compiler technique can be extended to check heap addresses. © Springer-Verlag Berlin Heidelberg 2003.