BASS: a benchmark suite for evaluating architectural security systems

Quantified Score

Visualization

Abstract

As software vulnerabilities continue to be exposed on a daily basis and the motivation of cunning adversaries to compromise valuable computer assets grows, novel methods must be developed to ensure security. Recently there has been a growing interest within the computer architecture research community in designing architectural and hardware mechanisms to improve security. Unfortunately, there is currently not a representative set of benchmarks for evaluating the security features of proposed hardware modifications. The frequent result is that great effort is often spent searching for vulnerable programs, and/or evaluations suffer from a lack of diversity. To address this problem, we developed BASS, a benchmark suite to evaluate the security features of proposed architectural solutions under various malicious attack scenarios. BASS v 1.0 currently consists of seven benchmarks chosen to cover a diverse range of architectural attack characteristics. To facilitate the use of these benchmarks in architectural security research, we have developed both vulnerable programs and scripts to automatically generate exploits targeting those vulnerable programs across both 32-bit x86 and 64-bit Alpha Linux platforms. The entire BASS framework including documentation, source code, input data sets, and precompiled binaries for the M5 full system simulator is released under the Gnu GPL and can be freely downloaded at http://www.ideal.ece.ufl.edu/bass.