Cybersecurity (Sep 2023)
A buffer overflow detection and defense method based on RISC-V instruction set extension
Abstract
Abstract Buffer overflow poses a serious threat to the memory security of modern operating systems. It overwrites the contents of other memory areas by breaking through the buffer capacity limit, destroys the system execution environment, and provides implementation space for various system attacks such as program control flow hijacking. That makes it a wide range of harms. A variety of security technologies have been proposed to deal with system security problems including buffer overflow. For example, No eXecute (NX for short) is a memory management technology commonly used in Harvard architecture. It can refuse the execution of code which residing in a specific memory, and can effectively suppress the abnormal impact of buffer overflow on control flow. Therefore, in recent years, it has also been used in the field of system security, deriving a series of solutions based on NX technology, such as ExecShield, DEP, StackGuard, etc. However, these security solutions often rely too much on the processor architecture so that the protection coverage is insufficient and the accuracy is limited. Especially in the emerging system architecture field represented by RISC-V, there is still a lack of effective solutions for buffer overflow vulnerabilities. With the continuous rapid development of the system architecture, it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development. Therefore, we propose BOP, A new system memory security design method based on RISC-V extended instructions, to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RISC-V. According to this method, NX technology can be combined with program control flow analysis, and NX bit mechanism can be used to manage the executability of memory space, so as to achieve a more granular detection and defense of buffer overflow attacks that may occur in RISC-V system environment. In addition, The memory management and control function of BOP is not only very suitable for solving the security problems in the existing single architecture system, but also widely applicable to the combination of multiple heterogeneous systems. Graphical abstract
Keywords