Introducing SED: A Way to Mitigate Buffer Overflow Attacks

One of the most common security threats to information systems and the data they protect occurs when an attacker is able to alter his identity and, in so doing, gain control over system resources. Historically, attackers have favored buffer overflows as an attack vector to alter their identity. On UNIX systems, attackers typically exploit buffer overflows so that they can assume the identity of the root user. AIX 5L 5300-03 introduces Stack Execution Disable (SED), which prevents the successful exploitation of many types of buffer overflows.

Buffer overflows are the result of programming oversights and can be found at all levels of the software stack. An attacker exploits a buffer overflow by injecting malicious code into various process memory segments and then executing that code under their new identity. As with any security issue, there are several methods to mitigate the risk introduced by buffer overflows. Preventing a system from executing malicious code stops a buffer overflow exploit in its tracks. SED uses functionality introduced in the POWER4 family of processors to prevent code execution in various process memory segments, thus thwarting buffer overflow attacks. If an attacker attempts to exploit a buffer overflow, a hardware exception is raised to tell SED to terminate the offending program.

SED is highly flexible and configurable. It offers the following features:

For more information regarding SED see the AIX Security Guide and the sedmgr command documentation.
