Secure program execution via dynamic information flow tracking

11th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XI

Volumn , Issue , 2004, Pages 85-96

  Suh, G Edward ^a   Lee, Jae W ^a   Zhang, David ^a   Devadas, Srinivas ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Buffer overflow; Format string; Hardware tagging

Indexed keywords

BUFFER STORAGE; CODES (SYMBOLS); COMMUNICATION CHANNELS (INFORMATION THEORY); COMPUTATIONAL METHODS; COMPUTER CRIME; COMPUTER OPERATING SYSTEMS; DATA STORAGE EQUIPMENT; PROGRAM PROCESSORS; SECURITY OF DATA;

BUFFER OVERFLOW; DYNAMIC INFORMATION FLOW TRACKING; FORMAT STRING; HARDWARE TAGGING;

COMPUTER ARCHITECTURE;

EID: 12844267418     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1037947.1024404     Document Type: Conference Paper

References (26)

1. A. Baratloo, T. Tsai, and N. Singh. Transparent run-time defense against stack smashing attacks. In Proceedings of the USENIX Annual Technical Conference, 2000.
2. D. Burger and T. M. Austin. The SimpleScalar Tool Set, Version 2.0. Technical report, University of Wisconsin-Madison Computer Science Department, 1997.
3. C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf format string vulnerabilities, 2001. In 10th USENIX Security Symposium, Washington, D.C., August 2001.
4. th USENIX Security Symposium, 2003.
5. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. 7th USENIX Security Symposium, pages 63-78, San Antonio, Texas, Jan. 1998.
6. S. Designer. Non-executable user stack. http://www.openwall.com/linux/.
7. th ACM Conference on Computer and Communications Security, 2003.
8. J. L. Henning. SPEC CPU2000: Measuring CPU performance in the new millennium. IEEE Computer, July 2000.
9. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of c. In Proceedings of the USENIX Annual Technical Conference, 2002.
10. rd International Workshop on Automatic Debugging, 1997.
11. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proc. 11th USENIX Security Symposium, San Francisco, California, Aug. 2002.
12. K. Lawton, B. Denney, N. D. Guarneri, V. Ruppert, and C. Bothamy. Bochs user manual. http://bochs.sourceforge.net/.
13. R. B. Lee, D. K. Karig, J. P. McGregor, and Z. Shi. Enlisting hardware architecture to thwart malicious code injection. In Proceedings of the 2003 International Conference on Security in Pervasive Computing, 2003.
14. th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2002.
15. T. Newsham. Format string attacks. Guardent, Inc., September 2000. http://wvw.securityfocus.com/guest/3342.
16. A. One. Smashing the stack for fun and profit. Phrack, 7(49), Nov. 1996.
17. PaX Team. Non executable data pages. http://pageexec.virtualave.net/ verbpageexec.txt.
18. th Annual Network and Distributed System Security Symposium, 2004.
19. H. J. Saal and I. Gat. A hardware architecture for controlling information flow. In Proceedings of the 5th Annual Symposium on Computer Architecture, 1978.
20. Scut. Exploiting format string vulnerabilities. TESO Security Group, September 2001. http://www.team-teso.net/articles/verbformatstring.
21. th USENIX Security Symposium, 2001.
22. P. Shivakumar and N. J. Jouppi. CACTI 3.0: An integrated cache timing, power, and area model. Technical report, WRL Research Report, Feb. 2001.
23. Vendicator. Stackshield: A "stack smashing" technique protection tool for linux. http://wwv.angelfire.com/sk/stackshield/.
24. th Annual Network and Distributed System Security Symposium, 2003.
25. th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 304-316, 2002.
26. nd Workshop on Evaluating and Architecting System dependability (EASY), 2002.