iCruiser: An Improved Approach for Concurrent Heap Buffer Overflow Monitoring

Donghai TIAN  Xuanya LI  Mo CHEN  Changzhen HU  

IEICE TRANSACTIONS on Information and Systems   Vol.E97-D   No.3   pp.601-605
Publication Date: 2014/03/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E97.D.601
Print ISSN: 0916-8532
Type of Manuscript: LETTER
Category: Information Network
heap buffer overflow,  multi-core technology,  

Full Text: PDF(543.6KB)>>
Buy this Article

Heap buffer overflow has been extensively studied for many years, but it remains a severe threat to software security. Previous solutions suffer from limitations in that: 1) Some methods need to modify the target programs; 2) Most methods could impose considerable performance overhead. In this paper, we present iCruiser, an efficient heap buffer overflow monitoring system that uses the multi-core technology. Our system is compatible with existing programs, and it can detect the heap buffer overflows concurrently. Compared with the latest heap protection systems, our approach can achieves stronger security guarantees. Experiments show that iCruiser can detect heap buffer overflow attacks effectively with a little performance overhead.