A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device
At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace...
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2018-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/8536378/ |
| _version_ | 1826911961988726784 |
|---|---|
| author | Bin Xu Weike Wang Qiang Hao Zhun Zhang Pei Du Tongsheng Xia Hongge Li Xiang Wang |
| author_facet | Bin Xu Weike Wang Qiang Hao Zhun Zhang Pei Du Tongsheng Xia Hongge Li Xiang Wang |
| author_sort | Bin Xu |
| collection | DOAJ |
| description | At present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace the execution behavior of programs. Another one is secure tag validation used to monitor the attributes of every memory segment. The automated extraction tools extract the monitoring model and secure tag of each memory segment at the compile time. At run-time, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior, if not the appropriate response mechanisms will be triggered. The proposed schemes don’t change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can detect a wide range of buffer overflow attacks. And it takes low performance penalties and minimal overheads. |
| first_indexed | 2024-12-22T19:33:44Z |
| format | Article |
| id | doaj.art-b7e8372b0af349a6951868a4fa457f2b |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2025-02-17T10:23:14Z |
| publishDate | 2018-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-b7e8372b0af349a6951868a4fa457f2b2025-01-01T00:00:53ZengIEEEIEEE Access2169-35362018-01-016728627286910.1109/ACCESS.2018.28814478536378A Security Design for the Detecting of Buffer Overflow Attacks in IoT DeviceBin Xu0https://orcid.org/0000-0002-4462-4160Weike Wang1Qiang Hao2Zhun Zhang3Pei Du4Tongsheng Xia5Hongge Li6Xiang Wang7School of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaSchool of Electronic and Information Engineering, Beihang University, Beijing, ChinaAt present, the IoT devices face many kinds of software and hardware attacks, especially buffer overflow attacks. This paper presents an architectural-enhanced security hardware design to detect buffer overflow attacks. One part of the design is instructions monitoring and verification used to trace the execution behavior of programs. Another one is secure tag validation used to monitor the attributes of every memory segment. The automated extraction tools extract the monitoring model and secure tag of each memory segment at the compile time. At run-time, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior, if not the appropriate response mechanisms will be triggered. The proposed schemes don’t change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can detect a wide range of buffer overflow attacks. And it takes low performance penalties and minimal overheads.https://ieeexplore.ieee.org/document/8536378/Securitybuffer overflowIoT deviceexecution behaviorintrusion detectionsecure tag |
| spellingShingle | Bin Xu Weike Wang Qiang Hao Zhun Zhang Pei Du Tongsheng Xia Hongge Li Xiang Wang A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device IEEE Access Security buffer overflow IoT device execution behavior intrusion detection secure tag |
| title | A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device |
| title_full | A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device |
| title_fullStr | A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device |
| title_full_unstemmed | A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device |
| title_short | A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device |
| title_sort | security design for the detecting of buffer overflow attacks in iot device |
| topic | Security buffer overflow IoT device execution behavior intrusion detection secure tag |
| url | https://ieeexplore.ieee.org/document/8536378/ |
| work_keys_str_mv | AT binxu asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT weikewang asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT qianghao asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT zhunzhang asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT peidu asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT tongshengxia asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT honggeli asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT xiangwang asecuritydesignforthedetectingofbufferoverflowattacksiniotdevice AT binxu securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT weikewang securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT qianghao securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT zhunzhang securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT peidu securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT tongshengxia securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT honggeli securitydesignforthedetectingofbufferoverflowattacksiniotdevice AT xiangwang securitydesignforthedetectingofbufferoverflowattacksiniotdevice |