Secure program execution via dynamic information flow tracking

Authors: G. Edward Suh, Jae W. Lee, David Zhang, Srinivas Devadas

DOI: 10.1145/1024393.1024404

Abstract: We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information. Every attack to take control of a program needs to transfer the program's control to malevolent code. In our approach, the operating system identifies a set of input channels as spurious, and the processor tracks all information flows from those inputs. A broad range of attacks are effectively defeated by checking the use of the spurious values as instructions and pointers. Our protection is transparent to users or application programmers; the executables can be used without any modification. Also, our scheme only incurs, on average, a memory overhead of 1.4% and a performance overhead of 1.1%.
