Certification of programs for secure information flow
Communications of the ACM
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
Defeating Memory Corruption Attacks via Pointer Taintedness Detection
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Effective memory protection using dynamic tainting
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Securing web applications with static and dynamic information flow tracking
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Hardbound: architectural support for spatial safety of the C programming language
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Understanding and visualizing full systems with data flow tomography
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Parallelizing dynamic information flow tracking
Proceedings of the twentieth annual symposium on Parallelism in algorithms and architectures
Flexible Hardware Acceleration for Instruction-Grain Program Monitoring
ISCA '08 Proceedings of the 35th Annual International Symposium on Computer Architecture
ISCA '08 Proceedings of the 35th Annual International Symposium on Computer Architecture
Support for symmetric shadow memory in multiprocessors
PADTAD '08 Proceedings of the 6th workshop on Parallel and distributed systems: testing, analysis, and debugging
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
Real-world buffer overflow protection for userspace & kernelspace
SS'08 Proceedings of the 17th conference on Security symposium
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Complete information flow tracking from the gates up
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Architectural support for shadow memory in multiprocessors
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Pointless tainting?: evaluating the practicality of pointer tainting
Proceedings of the 4th ACM European conference on Computer systems
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Testudo: Heavyweight security analysis via statistical sampling
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Runtime monitoring on multicores via OASES
ACM SIGOPS Operating Systems Review
ProtoFlex: Towards Scalable, Full-System Multiprocessor Simulations Using FPGAs
ACM Transactions on Reconfigurable Technology and Systems (TRETS)
Self-recovery in server programs
Proceedings of the 2009 international symposium on Memory management
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
ECMon: exposing cache events for monitoring
Proceedings of the 36th annual international symposium on Computer architecture
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
PIFT: efficient dynamic information flow tracking using secure page allocation
WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Ordering decoupled metadata accesses in multiprocessors
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Control flow obfuscation with information flow tracking
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Execution leases: a hardware-supported mechanism for enforcing strong non-interference
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
ParaLog: enabling and accelerating online parallel monitoring of multithreaded applications
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Orthrus: efficient software integrity protection on multi-cores
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Execution suppression: An automated iterative technique for locating memory errors
ACM Transactions on Programming Languages and Systems (TOPLAS)
Umbra: efficient and scalable memory shadowing
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
ACM SIGOPS Operating Systems Review
Decoupled lifeguards: enabling path optimizations for dynamic correctness checking tools
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Efficient memory shadowing for 64-bit architectures
Proceedings of the 2010 international symposium on Memory management
A more precise security type system for dynamic security tests
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Secure information flow analysis for hardware design: using the right abstraction for the job
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Proceedings of the 37th annual international symposium on Computer architecture
Theoretical analysis of gate level information flow tracking
Proceedings of the 47th Design Automation Conference
The potential of using dynamic information flow analysis in data value prediction
Proceedings of the 19th international conference on Parallel architectures and compilation techniques
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Architectural support for low overhead detection of memory violations
Proceedings of the Conference on Design, Automation and Test in Europe
Proceedings of the 2010 workshop on New security paradigms
Efficient dynamic program monitoring on multi-core systems
Journal of Systems Architecture: the EUROMICRO Journal
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Flexible and Efficient Instruction-Grained Run-Time Monitoring Using On-Chip Reconfigurable Fabric
MICRO '43 Proceedings of the 2010 43rd Annual IEEE/ACM International Symposium on Microarchitecture
Log-based architectures: using multicore to help software behave correctly
ACM SIGOPS Operating Systems Review
Cross-application data provenance and policy enforcement
ACM Transactions on Information and System Security (TISSEC)
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Caisson: a hardware description language for secure information flow
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 38th annual international symposium on Computer architecture
Multicore performance optimization using partner cores
HotPar'11 Proceedings of the 3rd USENIX conference on Hot topic in parallelism
SIFT: a low-overhead dynamic information flow tracking architecture for SMT processors
Proceedings of the 8th ACM International Conference on Computing Frontiers
Information flow isolation in I2C and USB
Proceedings of the 48th Design Automation Conference
Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems
ACM Transactions on Architecture and Code Optimization (TACO)
Architecture support for disciplined approximate programming
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Minemu: the world's fastest taint tracker
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Highly scalable distributed dataflow analysis
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Branch regulation: low-overhead protection from code reuse attacks
Proceedings of the 39th Annual International Symposium on Computer Architecture
Inspection resistant memory: architectural support for security from physical examination
Proceedings of the 39th Annual International Symposium on Computer Architecture
Static secure page allocation for light-weight dynamic information flow tracking
Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
DTAM: dynamic taint analysis of multi-threaded programs for relevancy
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
A memory access validation scheme against payload injection attacks
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Simultaneous information flow security and circuit redundancy in Boolean gates
Proceedings of the International Conference on Computer-Aided Design
Monitoring Buffer Overflow Attacks: A Perennial Task
International Journal of Secure Software Engineering
Micro-architectural support for metadata coherence in multi-core dynamic information flow tracking
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
Leveraging speculative architectures for runtime program validation
ACM Transactions on Embedded Computing Systems (TECS)
ASIST: architectural support for instruction set randomization
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Sapper: a language for hardware-level security policy enforcement
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
WHISK: an uncore architecture for dynamic information flow tracking in heterogeneous embedded SoCs
Proceedings of the Ninth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis
Dynamic Power and Thermal Management of NoC-Based Heterogeneous MPSoCs
ACM Transactions on Reconfigurable Technology and Systems (TRETS)
Hi-index | 0.00 |
High-level semantic vulnerabilities such as SQL injection and crosssite scripting have surpassed buffer overflows as the most prevalent security exploits. The breadth and diversity of software vulnerabilities demand new security solutions that combine the speed and practicality of hardware approaches with the flexibility and robustness of software systems. This paper proposes Raksha, an architecture for software security based on dynamic information flow tracking (DIFT). Raksha provides three novel features that allow for a flexible hardware/software approach to security. First, it supports flexible and programmable security policies that enable software to direct hardware analysis towards a wide range of high-level and low-level attacks. Second, it supports multiple active security policies that can protect the system against concurrent attacks. Third, it supports low-overhead security handlers that allow software to correct, complement, or extend the hardware-based analysis without the overhead associated with operating system traps. We present an FPGA prototype for Raksha that provides a full featured Linux workstation for security analysis. Using unmodified binaries for real-world applications, we demonstrate that Raksha can detect high-level attacks such as directory traversal, command injection, SQL injection, and cross-site scripting as well as low-level attacks such as buffer overflows. We also show that low overhead exception handling is critical for analyses such as memory corruption protection in order to address false positives that occur due to the diverse code patterns in frequently used software.