Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Safety checking of machine code
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Safe Virtual Execution Using Software Dynamic Translation
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Proceedings of the 12th ACM conference on Computer and communications security
Sub-operating systems: a new approach to application security
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Evaluating SFI for a CISC architecture
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A tool for constructing safe extensible C++ systems
COOTS'97 Proceedings of the 3rd conference on USENIX Conference on Object-Oriented Technologies (COOTS) - Volume 3
Extending .NET security to unmanaged code
International Journal of Information Security
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Fast byte-granularity software fault isolation
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Leveraging legacy code to deploy desktop applications on the web
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Robusta: taming the native beast of the JVM
Proceedings of the 17th ACM conference on Computer and communications security
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
Adapting software fault isolation to contemporary CPU architectures
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Fine-grained user-space security through virtualization
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Language-independent sandboxing of just-in-time compilation and self-modifying code
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
kGuard: lightweight kernel protection against return-to-user attacks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Monitor integrity protection with space efficiency and separate compilation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Control-flow restrictor: compiler-based CFI for iOS
Proceedings of the 29th Annual Computer Security Applications Conference
Control flow integrity for COTS binaries
SEC'13 Proceedings of the 22nd USENIX conference on Security
Strato: a retargetable framework for low-level inlined-reference monitors
SEC'13 Proceedings of the 22nd USENIX conference on Security
Virtual ghost: protecting applications from hostile operating systems
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
| Hi-index | 0.00 |
In many software attacks, inducing an illegal control-flow transfer in the target system is one common step. Control-Flow Integrity (CFI) protects a software system by enforcing a pre-determined control-flow graph. In addition to providing strong security, CFI enables static analysis on low-level code. This paper evaluates whether CFI-enabled static analysis can help build efficient and validated data sandboxing. Previous systems generally sandbox memory writes for integrity, but avoid protecting confidentiality due to the high overhead of sandboxing memory reads. To reduce overhead, we have implemented a series of optimizations that remove sandboxing instructions if they are proven unnecessary by static analysis. On top of CFI, our system adds only 2.7% runtime overhead on SPECint2000 for sandboxing memory writes and adds modest 19% for sandboxing both reads and writes. We have also built a principled data-sandboxing verifier based on range analysis. The verifier checks the safety of the results of the optimizer, which removes the need to trust the rewriter and optimizer. Our results show that the combination of CFI and static analysis has the potential of bringing down the cost of general inlined reference monitors, while maintaining strong security.