Exploiting Segmentation Mechanism for Protecting against Malicious Mobile Code
作者: Takashi Masuda , Takahiro Shinagawa , Kenji Kono
DOI:
关键词: Flat memory model 、 Computer security 、 Page table 、 Memory management 、 x86 、 Virtual memory 、 Computer science 、 Statement (computer science) 、 Overhead (computing) 、 Information science
摘要: This paper describes a mechanism for protecting against malicious mobile code. As code is linked with hosting application and executed in the same process, fine-grained protection domain providing an intra-process required to prevent from unauthorized access. introduces multi-protection page table: of virtual memory that enables domains be supported at kernel level. A (1) confines accesses by authorized areas, (2) restricts system calls issued code, (3) efficient cross-domain among codes application. Efficiency encourages use domains. demonstrates table can implemented efficiently on most widely used architecture; is, Intel x86 family. The presented implementation achieves reasonable performance practical use; one round-trip call requires 226 608 cycles. Experimental results show overhead only 6.1% 15.8% real ANY OTHER IDENTIFYING INFORMATION OF THIS REPORT Submitted publication DISTRIBUTION STATEMENT technical report available ONLY through http://www.is.s.u-tokyo.ac.jp/techreports/FILES.html. SUPPLEMENTARY NOTES DATE May 17, 2000 TOTAL NO. PAGES 16 WRITTEN LANGUAGE English REFERENCES 15 DEPARTMENT SCIENCE Faculty Science, University Tokyo 7-3-1 Hongo, Bunkyo-ku, 113, Japan Exploiting Segmentation Mechanism Protecting Malicious Mobile Code Takahiro Shinagawa† Kenji Kono††,††† Takashi Masuda†† †Department Information Graduate School Hongo 113-0033 Email:shina@is.s.u-tokyo.ac.jp ††Department Computer Electro-Communications 1-5-1 Chofugaoka Chofu-shi, 182-8585 Email:{kono, masuda}@cs.uec.ac.jp †††Japan Science Technology Corporation
参考文章(14)
John F. Farrell, S. Jeff Turner, Peter A. Loscocco, Ruth C. Taylor, Stephen D. Smalley, Patrick A. Muckelbauer, The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments ,(2000)
Hermann Härtig, Michael Hohmuth, Jochen Liedtke, Sebastian Schönberg, The performance of μ-kernel-based systems symposium on operating systems principles. ,vol. 31, pp. 66- 77 ,(1997) , 10.1145/268998.266660
George C. Necula, Proof-carrying code symposium on principles of programming languages. pp. 106- 119 ,(1997) , 10.1145/263699.263712
Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, Henry M. Levy, Lightweight remote procedure call ACM Transactions on Computer Systems. ,vol. 8, pp. 37- 55 ,(1990) , 10.1145/77648.77650
Dan S. Wallach, Dirk Balfanz, Drew Dean, Edward W. Felten, Extensible security architectures for Java symposium on operating systems principles. ,vol. 31, pp. 116- 128 ,(1997) , 10.1145/268998.266668
Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham, Efficient software-based fault isolation symposium on operating systems principles. ,vol. 27, pp. 203- 216 ,(1993) , 10.1145/168619.168635
B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. E. Fiuczynski, D. Becker, C. Chambers, S. Eggers, Extensibility safety and performance in the SPIN operating system symposium on operating systems principles. ,vol. 29, pp. 267- 283 ,(1995) , 10.1145/224056.224077
M. Takahashi, K. Kono, T. Masuda, Efficient kernel support of fine-grained protection domains for mobile code international conference on distributed computing systems. pp. 64- 73 ,(1999) , 10.1109/ICDCS.1999.776507
Tzi-cker Chiueh, Ganesh Venkitachalam, Prashant Pradhan, Integrating segmentation and paging protection for safe, efficient and transparent software extensions symposium on operating systems principles. ,vol. 34, pp. 140- 153 ,(1999) , 10.1145/319151.319161
George C. Necula, Peter Lee, Safe kernel extensions without run-time checking Proceedings of the second USENIX symposium on Operating systems design and implementation - OSDI '96. ,vol. 30, pp. 229- 243 ,(1996) , 10.1145/238721.238781