Static secure page allocation for light-weight dynamic information flow tracking
Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Dynamic information flow tracking (DIFT) has been an effective security countermeasure for both low-level memory corruptions and high-level semantic attacks. However, many software approaches suffer from large performance degradation, and hardware approaches have great logic and storage overhead. In this paper, we propose PIFT, a flexible, efficient, and light-weight approach to performing DIFT based on secure page allocation. Instead of associating each data value with a taint tag, we aggregate data according to their taints, i.e., we put data with different attributes in different types of memory pages. Our approach is a compile-aided process that allows the compiler to allocate trusted and untrusted information into different memory pages. Our implementation and analysis show that the memory overhead is small and that the approach can protect critical information, such as return addresses, indirect jump addresses, and system call arguments, from being overwritten by malicious data.