Runtime execution monitoring (REM) to detect and prevent malicious code execution

Authors: A.M. Fiskiran, R.B. Lee

DOI: 10.1109/ICCD.2004.1347961

Abstract: Many computer security threats involve execution of unauthorized foreign code on the victim computer. Viruses, network and email worms, Trojan horses, and backdoor programs used in denial of service attacks are a few examples. In this paper, we present an architectural technique, which we call runtime execution monitoring (REM), to detect program flow anomalies associated with such malicious code. The key idea in REM is verification at the hash block (similar to a basic block) level. This is achieved by pre-computing keyed hashes (HMACs) for each hash block during installation, then verifying these values during execution. By verifying integrity at the hash block level, we can monitor instructions whose behavior is typically exploited by malicious code, such as branch, call, and return instructions. Performance degradation averages 6.4% on our benchmark programs, and can be reduced to under 5% by increasing the size of the L1 instruction cache.
