Direct parallelization of call statements
SIGPLAN '86 Proceedings of the 1986 SIGPLAN symposium on Compiler construction
Analysis of interprocedural side effects in a parallel programming environment
Journal of Parallel and Distributed Computing - Special Issue on Languages, Compilers and environments for Parallel Programming
A practical algorithm for exact array dependence analysis
Communications of the ACM
Efficient context-sensitive pointer analysis for C programs
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Efficient and precise array access analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
Intrusion Detection via System Call Traces
IEEE Software
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
TAXI: Trace Analysis for X86 Interpretation
ICCD '02 Proceedings of the 2002 IEEE International Conference on Computer Design: VLSI in Computers and Processors (ICCD'02)
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Gray-box extraction of execution graphs for anomaly detection
Proceedings of the 11th ACM conference on Computer and communications security
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Anomalous path detection with hardware support
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
On gray-box program tracking for anomaly detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Tampering in RFID: A Survey on Risks and Defenses
Mobile Networks and Applications
Ribbons: a partially shared memory programming model
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
| Hi-index | 0.00 |
Current anomaly detection schemes focus on control flow monitoring. Recently, Chen et al. [2] discovered that a large category of attacks tamper program data but do not alter control flows. These attacks are not only realistic, but are also as important as classical attacks tampering control flows. Detecting these attacks is a critical issue but has received little attention so far. In this work, we propose an intrusion detection scheme with both compiler and micro-architecture support detecting data tampering directly. The compiler first identifies program regions in which the data should not be modified as per program semantics. Then the compiler performs an analysis to determine the conditions for modification of variables in different program regions and conveys this information to the hardware and the hardware checks the data accesses based on the information. If the compiler asserts that the data should not be modified but there is an attempt to do so at runtime, an attack is detected. The compiler starts with a basic scheme achieving maximum data protection but such a scheme also suffers from high performance overhead. We then attempt to reduce the performance overhead through different optimization techniques. Our experiments show that our scheme achieves strong memory protection with tight control over the performance degradation. Thus, our major contribution is to provide an efficient scheme to detect data tampering while minimizing the overhead.