Repository logo
Repository logo
 

Static secure page allocation for light-weight dynamic information flow tracking

Simple item page
datacite.rightshttp://purl.org/coar/access_right/c_16ec
dc.creatorSantos J.C.M.
dc.creatorFei Y.
dc.creatorShi Z.J.
dc.date.accessioned2020-03-26T16:32:55Z
dc.date.available2020-03-26T16:32:55Z
dc.date.issued2012
dc.description.abstractDynamic information flow tracking (DIFT) is an effective security countermeasure for both low-level memory corruptions and high-level semantic attacks. However, many software approaches suffer large performance degradation, and hardware approaches have high logic and storage overhead. We propose a flexible and light-weight hardware/software co-design approach to perform DIFT based on secure page allocation. Instead of associating every data with a taint tag, we aggregate data according to their taints, i.e., putting data with different attributes in separate memory pages. Our approach is a compiler-aided process with architecture support. The implementation and analysis show that the memory overhead is little, and our approach can protect critical information, including return address, indirect jump address, and system call IDs, from being overwritten by malicious users. Copyright 2012 ACM.eng
dc.description.sponsorshipACM Spec. Interest Group Microarchitectural Res.;Process. (SIGMICRO);ACM Special Interest Group on Embedded Systems (SIGBED);ACM Special Interest Group on Design Automation (SIGDA)
dc.format.mediumRecurso electrónico
dc.format.mimetypeapplication/pdf
dc.identifier.citationCASES'12 - Proceedings of the 2012 ACM International Conference on Compilers, Architectures and Synthesis for Embedded Systems, Co-located with ESWEEK; pp. 27-36
dc.identifier.doi10.1145/2380403.2380415
dc.identifier.instnameUniversidad Tecnológica de Bolívar
dc.identifier.isbn9781450314244
dc.identifier.orcid26325154200
dc.identifier.orcid7103059457
dc.identifier.orcid35225236800
dc.identifier.reponameRepositorio UTB
dc.identifier.urihttps://hdl.handle.net/20.500.12585/9091
dc.language.isoeng
dc.relation.conferencedate7 October 2012 through 12 October 2012
dc.relation.conferenceplaceTampere
dc.rights.accessrightsinfo:eu-repo/semantics/restrictedAccess
dc.rights.ccAtribución-NoComercial 4.0 Internacional
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/4.0/
dc.sourcehttps://www.scopus.com/inward/record.uri?eid=2-s2.0-84869031279&doi=10.1145%2f2380403.2380415&partnerID=40&md5=43847ed3df6018aa90812c8dcf0c6dff
dc.sourceScopus2-s2.0-84869031279
dc.source.event2012 ACM International Conference on Compilers, Architectures and Synthesis for Embedded Systems, CASES 2012, Co-located with 8th Embedded Systems Week, ESWEEK 2012
dc.subject.keywordsDynamic information flow tracking
dc.subject.keywordsSecurity attacks
dc.subject.keywordsStatic control flow analysis
dc.subject.keywordsCritical information
dc.subject.keywordsDynamic information flow tracking
dc.subject.keywordsHardware-software codesign
dc.subject.keywordsHigh level semantics
dc.subject.keywordsLight weight
dc.subject.keywordsMemory corruption
dc.subject.keywordsMemory overheads
dc.subject.keywordsMemory pages
dc.subject.keywordsPage allocation
dc.subject.keywordsPerformance degradation
dc.subject.keywordsSecurity attacks
dc.subject.keywordsSecurity countermeasures
dc.subject.keywordsSoftware approach
dc.subject.keywordsStatic control
dc.subject.keywordsStorage overhead
dc.subject.keywordsSystem calls
dc.subject.keywordsEmbedded systems
dc.subject.keywordsHardware
dc.subject.keywordsProgram compilers
dc.subject.keywordsSemantics
dc.subject.keywordsDigital storage
dc.titleStatic secure page allocation for light-weight dynamic information flow tracking
dc.type.driverinfo:eu-repo/semantics/conferenceObject
dc.type.hasversioninfo:eu-repo/semantics/publishedVersion
dc.type.spaConferencia
dcterms.bibliographicCitationChang, W., Streiff, B., Lin, C., Efficient and extensible security enforcement using dynamic data flow analysis (2008) Proc. Conf. Computer & Communications Security, pp. 39-50. , Oct
dcterms.bibliographicCitationChen, H., Wu, X., Yuan, L., Zang, B., Yew, P.-C., Chong, F.T., From speculation to security: Practical and efficient information flow tracking using speculative hardware (2008) Proc. Int. Symp. Computer Architecture, pp. 401-412. , June
dcterms.bibliographicCitationChen, S., Kozuch, M., Strigkos, T., Falsafi, B., Gibbons, P.B., Mowry, T.C., Ramachandran, V., Vlachos, E., Flexible hardware acceleration for instruction-grain program monitoring (2008) Proc. Int. Symp. Computer Architecture, pp. 377-388. , Jun
dcterms.bibliographicCitationChiueh, T.-C., Hsu, F.-H., RAD: A compile-time solution to buffer overflow attacks (2001) Proc. Int Conf. Distributed Computing Systems, pp. 409-417. , Apr
dcterms.bibliographicCitationCowen, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Zhang, Q., StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks (1998) Proc. USENIX Security Symp., pp. 63-78. , Jan
dcterms.bibliographicCitationCrandall, J.R., Wu, S.F., Chong, F.T., Minos: Architectural support for protecting control data (2006) ACM Tran. Architecture & Code Optimization, 3 (4), pp. 359-389. , Dec
dcterms.bibliographicCitationDalton, M., Kannan, H., Kozyrakis, C., Raksha: A flexible flow architecture for software security (2007) Proc. Int. Symp. Computer Architecture, pp. 482-293. , June
dcterms.bibliographicCitationFocus, S., (2001) Ssh crc-32 Compensation Attack Detector Vulnerability, , http://www.securityfocus.com/bid/2347/
dcterms.bibliographicCitationFrantzen, M., Shuey, M., StackGhost: Hardware facilitated stack protection (2001) Proc. USENIX Security Symp., pp. 55-66. , Aug
dcterms.bibliographicCitationHo, A., Fetterman, M., Clark, C., Warfield, A., Hand, S., Practical taint-based protection using demand emulation (2006) EUROSYS '06
dcterms.bibliographicCitationHuang, R., Deng, D.Y., Suh, G.E., Orthrus: Efficient software integrity protection on multi-cores (2010) Comput. Archit. News, 38 (1), pp. 371-384
dcterms.bibliographicCitation(2010) Imperva. Securesphere and Owasp 2010 Top Ten Most Critical Web Application Security Risks, , http://www.imperva.com/docs/TB_SecureSphere_OWASP_2010-Top-Ten.pdf
dcterms.bibliographicCitationIsaev, I.K., Sidorov, D.V., The use of dynamic analysis for generation of input data that demonstrates critical bugs and vulnerabilities in programs (2010) Programming and Computer Software, 36 (4), pp. 225-236. , Sept
dcterms.bibliographicCitationKannan, H., Ordering decoupled metadata accesses in multiprocessors (2009) Proc. Int. Symp. Microarchitecture, pp. 381-390. , Dec
dcterms.bibliographicCitationKatsunuma, S., Kurita, H., Shioya, R., Shimizu, K., Irie, H., Goshima, M., Sakai, S., Base address recognition with data flow tracking for injection attack detection (2006) Proc. Pacific Rim Inter. Symp. Dependable Computing, pp. 165-172. , Dec
dcterms.bibliographicCitationLam, L.C., Chiueh, T.-C., A general dynamic information flow tracking framework for security applications (2006) Proc. Annual Computer Security Applications Conf., pp. 463-472. , Dec
dcterms.bibliographicCitationLivshits, B., Martin, M., Lam, M.S., Securifly: Runtime protection and recovery from web application vulnerabilities (2006) Technical Report, Stanford University
dcterms.bibliographicCitationMartinez Santos, J.C., Fei, Y., Leveraging speculative architectures for run-time program validation (2008) Proc. Int. Conf. Computer Design, pp. 498-505. , Oct
dcterms.bibliographicCitationMartinez Santos, J.C., Fei, Y., Shi, Z.J., Pift: Efficient dynamic information flow tracking using secure page allocation (2009) Proc. WkShp on Embedded Systems Security, pp. 61-68. , Oct
dcterms.bibliographicCitationNethercote, N., Seward, J., Valgrind: A framework for heavyweight dynamic binary instrumentation (2007) Proc. Conference on Programming Language Design & Implementation, pp. 89-100. , Jun
dcterms.bibliographicCitationNightingale, E.B., Peek, D., Chen, P.M., Flinn, J., Parallelizing security checks on commodity hardware (2008) Proc. Int. Conf. Architectural Support for Programming Languages & Operating Systems, pp. 308-318. , Mar
dcterms.bibliographicCitationPozza, D., Sisto, R., A lightweight security analyzer inside gcc (2008) Proc. Int. Conf. Availability, Reliability & Security, pp. 851-858
dcterms.bibliographicCitationQin, F., Wang, C., Li, Z., Seop Kim, H., Zhou, Y., Wu, Y., LIFT: A low-overhead practical information flow tracking system for detecting security attacks (2006) IEEE/ACM Int. Symp. on Microarchitecture, pp. 135-148. , Dec
dcterms.bibliographicCitationRuwase, O., Gibbons, P.B., Mowry, T.C., Ramachandran, V., Chen, S., Kozuch, M., Ryan, M., Parallelizing dynamic information flow tracking (2008) Proc. Annual Symp. Parallelism in Algorithms & Architectures, pp. 35-45. , Jun
dcterms.bibliographicCitationShi, W., Fryman, J., Gu, G., Lee, H.-H., Zhang, Y., Yang, J., InfoShield: A security architecture for protecting information usage in memory (2006) Int. Symp. on High-Performance Computer Architecture, pp. 222-231. , Feb
dcterms.bibliographicCitationSophia, I., Méditerranée, A., Antipolis, S., Secure slices of insecure programs categories and subject descriptors (2008) Language, pp. 112-122. , Mar
dcterms.bibliographicCitationSotirov, A., (2005) Automatic Vulnerability Detection Using Static Source Code Analysis, , PhD thesis, University of Alabama
dcterms.bibliographicCitation(2000) SPEC CINT 2000, , http://www.spec.org/cpu2000/CINT2000/, Benchmarks
dcterms.bibliographicCitationSuh, G.E., Lee, J.W., Zhang, D., Devadas, S., Secure program execution via dynamic information flow tracking (2004) Proc. Int. Conf. on Architectural Support for Programming Languages & Operating Systems, pp. 85-96
dcterms.bibliographicCitationVachharajani, N., Bridges, M.J., Chang, J., Rangan, R., Ottoni, G., Blome, J.A., Reis, G.A., August, D.I., RIFLE: An architectural framework for user-centric information-flow security (2004) Proc. Int. Symp. Microarchitecture, pp. 243-254
dcterms.bibliographicCitationVenkataramani, G., Doudalis, I., Solihin, Y., Prvulovic, M., Flexitaint: A programmable accelerator for dynamic taint propagation (2008) Proc. Int. Symp. High-Performance Computer Architecture, pp. 173-184. , Feb
dcterms.bibliographicCitationWilander, J., Kamkar, M., (2002) A Comparison of Publicly Available Tools for Static Intrusion Prevention
dcterms.bibliographicCitationXu, J., Nakka, N., Defeating memory corruption attacks via pointer taintedness detection (2005) Proc. Int. Conf. on Dependable Systems & Networks, pp. 378-387
dcterms.bibliographicCitationXu, W., Bhatkar, S., Sekar, R., Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks (2006) Proc. USENIX Security Symp., pp. 121-136. , July-Aug
dcterms.bibliographicCitationYounan, Y., Joosen, W., Piessens, F., Efficient protection against heap-based buffer overflows without resorting to magic (2006) Proc. Int. Conf. on Information & Communication Security, , Dec
dcterms.bibliographicCitationYounan, Y., Pozza, D., Piessens, F., Joosen, W., Extended protection against stack smashing attacks without performance loss (2006) Proc. Annual Computer Security Applications Conf., pp. 429-438. , Dec
oaire.resourceTypehttp://purl.org/coar/resource_type/c_c94f
oaire.versionhttp://purl.org/coar/version/c_970fb48d4fbd8a85

Files

Collections

Productos de investigación

Universidad Tecnológica de Bolívar - 2017 Institución de Educación Superior sujeta a inspección y vigilancia por el Ministerio de Educación Nacional. Resolución No 961 del 26 de octubre de 1970 a través de la cual la Gobernación de Bolívar otorga la Personería Jurídica a la Universidad Tecnológica de Bolívar.