UPM Institutional Repository

Buffer overflow attack mitigation via Trusted Platform Module (TPM)


Citation

Teh, Jia Yew and Samsudin, Khairulmizam and Udzir, Nur Izura and Hashim, Shaiful Jahari (2014) Buffer overflow attack mitigation via Trusted Platform Module (TPM). Infrastructure University Kuala Lumpur Research Journal, 2 (1). pp. 73-84. ISSN 2289-4144

Abstract

As of the date of writing of this paper, we found no effort whatsoever in the employment of Trusted Computing (TC)'s Trusted Platform Module (TPM) security features in Buffer Overflow Attack (BOA) mitigation. Such is despite the extensive application of TPM in providing security based solutions, especially in key exchange protocols deemed to be an integral part of cryptographic solutions. In this paper we propose the use of TPM's Platform Configuration Register (PCR) in the detection and prevention of stack based buffer overflow attacks. Detection is achieved via the integrity validation (of SHA1 hashses) of both return address and call instruction opcodes. Prevention is achieved via encrypting the memory location addresses of both the return and call instruction above using RSA encryption. An exception is raised should integrity violations occur. Based on effectiveness tests conducted, our proposed solution has successfully detected 6 major variants of buffer overflow attacks attempted in conventional application codes, while incurring overheads that pose no major obstacles in the normal, continued operation of conventional application codes.


Download File

[img]
Preview
PDF (Abstract)
Buffer overflow attack mitigation via Trusted Platform Module (TPM).pdf

Download (36kB) | Preview
Official URL or Download Paper: http://iukl.edu.my/iukl-research-journal/archives/

Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
Faculty of Engineering
Publisher: IKRAM Education
Notes: Selected paper from International Conference on Engineering, Information Technology and Science (ICEITS)
Keywords: Buffer overflow attack; Trusted platform module; Platform configuration register (PCR); ptrace; TPM_Extend; TPM_Sea
Depositing User: Nabilah Mustapa
Date Deposited: 02 May 2017 04:39
Last Modified: 02 May 2017 04:39
URI: http://psasir.upm.edu.my/id/eprint/51814
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item