Defeating buffer overflow attacks via virtualization

• We propose an on-the-fly buffer overflow prevention mechanism, which can protect the target program without restarting it.
• We make use of the virtualization technology to transparently defend against buffer overflow attacks.
• Our system does not need any changes to the existing programs and OS, and it can be easily deployed in the VM environment.

Buffer overflow defenses have been comprehensively studied for many years. Different from previous solutions, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. Generally, the working process of PHUKO can be divided into two stages. First, we utilize static binary analysis to identify the instructions offline which are the entries of vulnerable functions. Second, by combining virtual machine introspection and online patching, PHUKO instruments the protected running program on-the-fly with memory safety enforcement. The experiments show that our system can defend against realistic buffer overflow attacks effectively with a moderate performance overhead.

Figure optionsDownload as PowerPoint slide