ABSTRACT
We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information.

Every security attack to take control of a program needs to transfer the program's control to malevolent code. In our approach, the operating system identifies a set of input channels as spurious, and the processor tracks all information flows from those inputs. A broad range of attacks are effectively defeated by checking the use of the spurious values as instructions and pointers.

Our protection is transparent to users or application programmers; the executables can be used without any modification. Also, our scheme only incurs, on average, a memory overhead of 1.4% and a performance overhead of 1.1%.
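The tracking-and-checking idea in the abstract, as an added sketch in C that is not code from the paper: a toy machine whose registers and memory words each carry a one-bit spurious tag. The instruction set, the ADD propagation rule and the strict trap on any tagged address are assumptions of this sketch, not the paper's policies.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy machine: each register and memory word carries a 1-bit "spurious" tag. */
enum op { IN, LI, ADD, LOAD, STORE, JR, HALT };
enum result { OK, TRAP_POINTER, TRAP_JUMP };
struct insn { enum op op; int a, b, c; };
#define NREG 4
#define NMEM 16

enum result run(const struct insn *p, int n, const uint32_t *in, int n_in) {
    uint32_t reg[NREG] = {0}, mem[NMEM] = {0};
    uint8_t rtag[NREG] = {0}, mtag[NMEM] = {0};
    int used = 0;
    for (int pc = 0, steps = 0; pc < n && steps < 1000; pc++, steps++) {
        struct insn i = p[pc];
        switch (i.op) {
        case IN:    /* untrusted channel: the value arrives tagged */
            reg[i.a] = used < n_in ? in[used++] : 0; rtag[i.a] = 1; break;
        case LI:    /* constant from the program itself: untagged */
            reg[i.a] = (uint32_t)i.b; rtag[i.a] = 0; break;
        case ADD:   /* result is tagged if either source is */
            reg[i.a] = reg[i.b] + reg[i.c]; rtag[i.a] = rtag[i.b] | rtag[i.c]; break;
        case LOAD:  /* tagged address: refuse; otherwise the tag follows the word */
            if (rtag[i.b]) return TRAP_POINTER;
            reg[i.a] = mem[reg[i.b] % NMEM]; rtag[i.a] = mtag[reg[i.b] % NMEM]; break;
        case STORE: /* tagged address: refuse; otherwise the word keeps its tag */
            if (rtag[i.b]) return TRAP_POINTER;
            mem[reg[i.b] % NMEM] = reg[i.a]; mtag[reg[i.b] % NMEM] = rtag[i.a]; break;
        case JR:    /* tagged jump target: refuse */
            if (rtag[i.a]) return TRAP_JUMP;
            pc = (int)(reg[i.a] % (uint32_t)n) - 1; break;
        case HALT:  return OK;
        }
    }
    return OK;
}

/* Constructed programs: sel 0 = input used as data only, 1 = input reaches a
   jump target through memory, 2 = input used directly as an address. */
enum result demo(int sel) {
    static const uint32_t in[] = { 5 };
    static const struct insn benign[] = { {IN,0,0,0}, {ADD,0,0,0}, {LI,3,4,0}, {JR,3,0,0}, {HALT,0,0,0} };
    static const struct insn hijack[] = { {LI,1,8,0}, {IN,0,0,0}, {STORE,0,1,0}, {LOAD,2,1,0}, {JR,2,0,0} };
    static const struct insn ptr[]    = { {IN,0,0,0}, {LOAD,1,0,0}, {HALT,0,0,0} };
    if (sel == 0) return run(benign, 5, in, 1);
    if (sel == 1) return run(hijack, 5, in, 1);
    return run(ptr, 3, in, 1);
}
int main(void) { printf("%d %d %d\n", demo(0), demo(1), demo(2)); return 0; }
```

In the second program the tag survives the round trip through memory, so the check fires at the point of use as a jump target, not at the point of input.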
Secure program execution via dynamic information flow tracking
ASPLOS '04