Introducing SED: A Way to Mitigate Buffer Overflow Attacks

One of the most common security threats to information systems and the data they protect occurs when an attacker is able to alter his identity and, in so doing, gain control over system resources. Historically, attackers have favored buffer overflows as an attack vector to alter their identity. On UNIX systems, attackers typically exploit buffer overflows so that they can assume the identity of the root user. AIX 5L 5300-03 introduces Stack Execution Disable (SED), which prevents the successful exploitation of many types of buffer overflows.

Buffer overflows are the result of programming oversights and can be found in all levels of the software stack. An attacker exploits a buffer overflow by injecting malicious code into various process memory segments and then executing that code under their new identity. As with any security issue, there are several methods to mitigate the risk introduced by buffer overflows. Preventing a system from executing malicious code stops a buffer overflow exploit in its tracks. SED uses functionality introduced in the POWER4 family of processors to prevent code execution in various process memory segments, thus thwarting buffer overflow attacks. If an attacker attempts to exploit a buffer overflow, a hardware exception is raised to tell SED to terminate the offending program.
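The termination behaviour described above can be observed on any system that enforces non-executable memory. The following is an added example, not IBM code and not AIX-specific: it assumes a Linux-like POSIX system, uses an anonymous `mmap` page without `PROT_EXEC` as a stand-in for a stack or data segment, and the function name `signal_from_executing_page` is hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std modes */
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (added example). A child process maps one page with
 * protection `prot` and transfers control into it. Returns the signal that
 * terminated the child, 0 if it exited normally, -1 on setup failure. */
int signal_from_executing_page(int prot)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Zero-filled data page: readable/writable, but not executable. */
        void *page = mmap(NULL, 4096, prot,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (page == MAP_FAILED)
            _exit(2);

        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn); /* data pointer -> function pointer */
        fn();       /* the instruction fetch faults; nothing in the page runs */
        _exit(0);   /* not reached when the no-execute protection is enforced */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = signal_from_executing_page(PROT_READ | PROT_WRITE);
    printf("child terminated by signal %d (SIGSEGV is %d)\n", sig, SIGSEGV);
    return 0;
}
```

The parent survives and only reports the outcome, which mirrors the model in the paragraph above: the hardware raises the exception, and the offending process alone is terminated.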

SED is highly flexible and configurable. It offers the following features:

For more information regarding SED see the AIX Security Guide and the sedmgr command documentation.
