As computer systems penetrate deeper into our lives and handle private data, safety-critical applications, and transactions of high monetary value, efforts to breach their security also assume significant dimensions well beyond an amateur hacker's play. Until now, security has always been an afterthought. This is evident in regular updates to antivirus software, patches issued by vendors after software bugs are discovered, and so on. However, we are increasingly realizing the need to incorporate security during the design of a system, be it software or hardware. We invoke this philosophy in the design of a hardware-based system that protects a program's data during execution. In this paper, we develop a general framework that provides security assurance against a wide class of security attacks. Our work is based on the observation that a program's normal or permissible behavior with respect to data accesses can be characterized by various properties. We present a hardware/software approach wherein such properties can be encoded as data attributes and enforced as security policies during program execution. These policies may be application-specific (e.g., access control for certain data structures), compiler-generated (e.g., enforcing that variables are accessed only within their scope), or universally applicable to all programs (e.g., disallowing writes to unallocated memory). We show how an embedded system architecture can support such policies by: 1) enhancing the memory hierarchy to represent the attributes of each datum as security tags that are linked to it throughout its lifetime, and 2) adding a configurable hardware checker that interprets the semantics of the tags and enforces the desired security policies. We evaluated the effectiveness of the proposed architecture in enforcing various security policies for several embedded benchmark applications. Our experiments in the context of the SimpleScalar framework demonstrate that the proposed solution ensures run-time validation of application-defined data properties with minimal execution time overheads.
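As an added illustration that is not the paper's own implementation, the constructed C model below shows the three policy classes the abstract names enforced by a checker over tagged memory: every word carries an allocation bit, permission bits and an owning scope id, and the checker (here a software function standing in for the hardware unit) vets each access before it is performed. Tag layout, scope numbering and verdict codes are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed tagged-memory model: each data word has a security tag beside it. */
#define MEM_WORDS 16
#define SCOPE_GLOBAL 0            /* scope 0 = reachable from any scope */

enum { TAG_ALLOC = 1u << 0, TAG_READ = 1u << 1, TAG_WRITE = 1u << 2 };
enum access { ACC_READ, ACC_WRITE };
enum verdict { OK, V_UNALLOCATED, V_OUT_OF_SCOPE, V_PERMISSION };

struct tag { uint8_t bits; uint8_t scope; };
struct tagged_mem { uint32_t data[MEM_WORDS]; struct tag tags[MEM_WORDS]; };
static struct tagged_mem mem;

/* Allocation sets the ALLOC bit, the permission bits and the owning scope. */
void tm_alloc(size_t addr, uint8_t scope, uint8_t perms) {
    mem.tags[addr].bits = (uint8_t)(TAG_ALLOC | perms);
    mem.tags[addr].scope = scope;
}
void tm_free(size_t addr) { mem.tags[addr].bits = 0; }  /* tag outlives the datum */

/* The checker interprets the tag and applies, in order, the universal policy
   (no writes to unallocated memory), the compiler-generated policy (access only
   within scope) and the application-specific policy (per-structure permissions). */
enum verdict tm_check(size_t addr, enum access op, uint8_t cur_scope) {
    struct tag t = mem.tags[addr];
    if (op == ACC_WRITE && !(t.bits & TAG_ALLOC)) return V_UNALLOCATED;
    if (t.scope != SCOPE_GLOBAL && t.scope != cur_scope) return V_OUT_OF_SCOPE;
    if (op == ACC_WRITE && !(t.bits & TAG_WRITE)) return V_PERMISSION;
    if (op == ACC_READ && !(t.bits & TAG_READ)) return V_PERMISSION;
    return OK;
}

/* Checked accessors: the access takes effect only when the checker returns OK. */
enum verdict tm_write(size_t addr, uint32_t v, uint8_t cur_scope) {
    enum verdict r = tm_check(addr, ACC_WRITE, cur_scope);
    if (r == OK) mem.data[addr] = v;
    return r;
}
enum verdict tm_read(size_t addr, uint32_t *out, uint8_t cur_scope) {
    enum verdict r = tm_check(addr, ACC_READ, cur_scope);
    if (r == OK) *out = mem.data[addr];
    return r;
}

int main(void) {
    tm_alloc(2, 7, TAG_READ | TAG_WRITE);           /* local variable of scope 7 */
    printf("write from scope 9: verdict %d\n", tm_write(2, 1, 9));  /* 2 = out of scope */
    printf("write to unallocated word: verdict %d\n", tm_write(5, 1, 7)); /* 1 */
    return 0;
}
```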