@MASTERSTHESIS{ 2016:1027548238,
 	title = {Stack smashing attack detection methodology for secure program execution based on hardware},
 	year = {2016},
 	url = "http://tede2.pucrs.br/tede2/handle/tede/7073",
 	abstract = "The need to include security mechanisms in electronic devices has dramatically grown with the widespread use of such devices in our daily life. With the increasing interconnectivity among devices, attackers can now launch attacks remotely. Such attacks arrive as data over a regular communication channel and, once resident in the program memory, they trigger a pre-existing software flaw and transfer control to the attacker’s malicious code. Software vulnerabilities have been the main cause of computer security incidents. Among these, buffer overflows are perhaps the most widely exploited type of vulnerability, accounting for approximately half the Computer Emergency Readiness Team (CERT) advisories in recent years. In this scenario, the methodology proposed in this work presents a new hardware-based approach to detect stack smashing buffer overflow attack and recover the system after the attack detection. Compared to existing approaches, the proposed technique does not need application code recompilation or use of any kind of software (e.g., an Operating System - OS) to manage memory usage. By monitoring processor pipeline internal signals, this approach is able to detect when the return address of a function call has been corrupted. At this moment, a rollback-based recovery procedure is triggered, which drives the system into a safe state previously stored in a protected memory area. This approach was validated by implementing a C program that forces a buffer overflow condition, which is promptly recognized by the proposed approach. From this point on, the system is then properly recovered. Having in mind to evaluate the system under more realistic conditions, test programs were implemented with pieces of known vulnerable C codes. These vulnerable pieces of codes were obtained from vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE). These code snippets were adapted and included in the test programs. Then, while running these programs the proposed system was evaluated. This evaluation was done by observing the capability of the proposed approach to: (1) detect an invalid return address and (2) to safely recovery the system from the faulty condition. Finally, the execution time and area overheads were determined. According to preliminary implementations and results this approach guarantees 100% attack detection with negligible detection latency by recognizing return address overwritten within a few processor clock cycles.",
 	publisher = {Pontifícia Universidade Católica do Rio Grande do Sul},
 	scholl = {Programa de Pós-Graduação em Engenharia Elétrica},
 	note = {Faculdade de Engenharia}
}