Adding run-time checking to the portable C compiler
Software—Practice & Experience
Undecidability of static analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
Operating system enhancements to prevent the misuse of system calls
Proceedings of the 7th ACM conference on Computer and communications security
Enabling trusted software integrity
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
Concurrent Error Detection Using Watchdog Processors-A Survey
IEEE Transactions on Computers
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
On Preventing Intrusions by Process Behavior Monitoring
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
A framework for trusted instruction execution via basic block signature verification
ACM-SE 42 Proceedings of the 42nd annual Southeast regional conference
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
Secure and practical defense against code-injection attacks using software dynamic translation
Proceedings of the 2nd international conference on Virtual execution environments
Secure Bit: Transparent, Hardware Buffer-Overflow Protection
IEEE Transactions on Dependable and Secure Computing
Proceedings of the 4th international conference on Security of information and networks
Cooperative component testing architecture in collaborating network environment
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Component survivability at runtime for mission-critical distributed systems
The Journal of Supercomputing
| Hi-index | 0.00 |
With more computing platforms connected to the Internet each day, computer system security has become a critical issue. One of the major security problems is execution of malicious injected code. In this paper we propose new processor extensions that allow execution of trusted instructions only. The proposed extensions verify instruction block signatures in run-time. Signatures are generated during a trusted installation process, using a multiple input signature register (MISR), and stored in an encrypted form. The coefficients of the MISR and the key used for signature encryption are based on a hidden processor key. Signature verification is done in the background, concurrently with program execution, thus reducing negative impact on performance. The preliminary results indicate that the proposed processor extensions will prevent execution of any unauthorized code at a relatively small increase in system complexity and execution time.