lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <PLEIIGNDLGEDDKABPLHBMEHNCHAA.dparis@w3works.com>
Date: Tue, 3 Feb 2004 07:36:55 -0500
From: "Dave Paris" <dparis@...orks.com>
To: "Hilmi Ozdoganoglu" <cyprian@...due.edu>,
	<bugtraq@...urityfocus.com>
Subject: RE: http://www.smashguard.org


I'm not sure I understand the economics involved here.  Taking the
worst-case (software) cited at an 8.3% performance hit, this says a 3.2GHz
P4 will give approximately the same performance as a 2.9GHz machine.  Or put
another way, for every 12 machines I have operating on a problem (say, in a
cluster of some sort), I have to add in one additional machine to make up
for the performance hit.  If we're talking about commodity, x86 server type
hardware, we're not talking about a lot of money, even if you factor in the
additional costs for another switch port, etc.  Certainly not the kind of
money one would expect to be kicking around for custom CPUs - which I would
guess to be _well_ in excess of SPARC or PA-RISC prices.

I think the project/product is quite interesting from an academic
standpoint, but unless it can be put into mainstream production with
existing vendors, my realistic side says it'll never be economically
feasible to get out of academia.

Kind Regards,
-dsp

-----Original Message-----
From: Hilmi Ozdoganoglu [mailto:cyprian@...due.edu]
Sent: Friday, January 30, 2004 6:34 PM
To: bugtraq@...urityfocus.com
Subject: http://www.smashguard.org



        SmashGuard is a hardware-based solution developed at Purdue
University  to prevent Buffer-Overflow Attacks realized by overwriting the
Function  Return Address (patent-pending).  The design of SmashGuard is a
kernel patch that supports CPUs modified to support SmashGuard protection.

 For details please refer to the  TechReports at:

	http://www.smashguard.org

  In addition to details of SmashGuard, the site serves as a comprehensive
resource for buffer overflow attacks/prevention/detection. On "the buffer
overflow page" we provide links to research papers, known exploits, safer
C languages, patents, audit tools and more.  If you can think of a site or
resource that should be added please send email to our webmaster
(cyprian@...due.edu)

-SmashGuard Group






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ