Adding run-time checking to the portable C compiler
Software—Practice & Experience
Undecidability of static analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
MediaBench: a tool for evaluating and synthesizing multimedia and communicatons systems
MICRO 30 Proceedings of the 30th annual ACM/IEEE international symposium on Microarchitecture
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enabling trusted software integrity
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
Concurrent Error Detection Using Watchdog Processors-A Survey
IEEE Transactions on Computers
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
On Preventing Intrusions by Process Behavior Monitoring
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Memory safety without runtime checks or garbage collection
Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
Defending Embedded Systems Against Buffer Overflow via Hardware/Software
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A framework for trusted instruction execution via basic block signature verification
ACM-SE 42 Proceedings of the 42nd annual Southeast regional conference
A workload characterization of elliptic curve cryptography methods in embedded environments
MEDEA '03 Proceedings of the 2003 workshop on MEmory performance: DEaling with Applications , systems and architecture
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
A Hardware-Software Platform for Intrusion Prevention
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
MiBench: A free, commercially representative embedded benchmark suite
WWC '01 Proceedings of the Workload Characterization, 2001. WWC-4. 2001 IEEE International Workshop
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
| Hi-index | 0.00 |
Embedded system designers face a unique set of challenges in making their systems more secure, as these systems often have stringent resource constraints or must operate in harsh or physically insecure environments. One of the security issues that have recently drawn attention is software integrity, which ensures that the programs in the system have not been changed either by an accident or an attack. In this paper we propose an efficient hardware mechanism for runtime verification of software integrity using encrypted instruction block signatures. We introduce several variations of the basic mechanism, and give details of three techniques that are most suitable for embedded systems. Performance evaluation using selected MiBench, Mediabench, and Basicrypt benchmarks indicates that the considered techniques impose a relatively small performance overhead. The best overall technique has performance overhead in the range 0-8%, when protecting 128-byte instruction blocks with 16-byte signatures. With 64-byte instruction blocks, the overhead is in the range 0-15%; the average overhead with 8~KB cache is 1%. With additional investment in a signature cache, this overhead can be almost completely eliminated.