Enabling trusted software integrity

International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Volumn , Issue , 2002, Pages 108-120

  Kirovski, Darko ^a   Drinić, Milenko ^b   Potkonjak, Miodrag ^b  

^a MICROSOFT RESEARCH   (United States)

^b University of California   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARM INSTRUCTION SET; BUFFER OVERFLOWS; COMPILATION TECHNIQUES; COMPUTING SYSTEM; CORE TECHNOLOGY; HARD TASK; INTRUSION PREVENTION; INTRUSION PREVENTION SYSTEMS; KEY PROBLEMS; MALICIOUS CODES; MEDIABENCH; RUNTIMES; SECURITY AND PERFORMANCE; SOFTWARE INSTALLATIONS; SOFTWARE INTEGRITY; SYSTEM SECURITY;

COMPUTER OPERATING SYSTEMS; LINGUISTICS; NANOTECHNOLOGY; PROBLEM ORIENTED LANGUAGES;

SECURITY OF DATA;

EID: 0036949385     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/605397.605409     Document Type: Conference Paper

References (29)

1. ARM Corp. The ARM hardware-software development kit. Available online at http://www.arm.com.
2. N. Borisov, I. Goldberg, and D. Wagner. Intercepting mobile communications: the insecurity of 802.11. MOBICOM, 2001.
3. S. Chari and P.-C. Cheng. Bluebox: A policy driven, host-based intrusion detection system. Network and Distributed System Security, February 2002.
4. H. Chen, D. Wagner, and D. Dean. Setuid demystified. USENIX Security Symposium, 2002.
5. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, and P. W. Q. Zhang. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. USENIX Security Symposium, pages 63-77, Jan. 1998.
6. C. Cowan, F. Wagle, P. Calton, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. DARPA Information Survivability Conference and Exposition. IEEE Computer Soc, 2:95-107, 2000.
7. D. Evans. Static detection of dynamic memory errors. Programming Language Design and Implementation, pages 44-53, 1996.
8. D. Evans, J. Guttag, J. Horning, and Y. Tan. LCLint: A tool for using specifications to check code. ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 87-96, 1994.
9. I. Goldberg, D. Wagner, R. Thomas, and E. Brewer. A secure environment for untrusted helper applications. USENIX Security Symposium, pages 1-13, July 1996.
10. Intel Corp. Processor Serial Number Technical Notes. Available on-line at http://www.intel.com.
11. S. Johnson. Lint, a C program checker. Unix Programmer's Manual, AT&T Bell Laboratories, 1978.
12. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. USENIX Security Symposium, pages 177-89, Aug. 2001.
13. C. Lee, M. Potkonjak, and W. H. Mangione-Smith. Mediabench: A tool for evaluating and synthesizing multimedia and communications systems. International Symposium on Microarchitecture, 330-351, 1997.
14. D. Martin, Jr, S. Rajagopalan, and A. Rubin. Blocking java applets at the firewall. Network and Distributed System Security, pages 16-26, 1997.
15. A. Menezes, P. V. Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL, October 1996.
16. R. Minnich. The Linux BIOS Home Page. Available on-line at http://www.acl.lanl.gov/linuxbios.
17. G. Necula. Proof-carrying code. Symposium on Principles of Programming Languages, pages 106-119, 1997.
18. A. One. Smashing the stack for fun and profit. Phrack, 49, 1996.
19. Phoenix Technologies Ltd. System BIOS for IBM PCs, Compatibles, and EISA Computers. Addison-Wesley, Reading, MA, 1991.
20. A. Rubin and D. Geer, Jr. Mobile code security. IEEE Internet Computing, 2(6):30-34, 1998.
21. Sci-Worx GmbH. AES Rijndael core. Available on-line at http://www.sci-worx.com.
22. D. Seeley. The internet worm, password cracking: a game of wits. Communications of the ACM, 32(6):700-3, June 1989.
23. R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. USENIX Security Symposium, pages 63-78, 1999.
24. U. Shankar, K. Talwar, J. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers, pages 201-20, 2001.
25. M. Smith. Support for speculative execution in high-performance processors. PhD thesis, Stanford University, 1992.
26. R. Tomasulo. An efficient algorithm for exploiting multiple arithmetic units. IBM Journal, pages 25-33, 1967.
27. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. Network and Distributed System Security, 2000.
28. C. Wilson and L. Osterweil. Omega - a data flow analysis tool for the C programming language. IEEE Trans, on Software Engineering, 11(9):832-8, 1985. (Pubitemid 16574258)
29. Zero Knowledge Systems Inc. The Intel Pentium III Exploit Page. Available on-line at http://www.zeroknowledge.com/p3/home.asp.