A theory of secure control flow

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3785 LNCS, Issue , 2005, Pages 111-124

  Abadi, Martín ^a   Budiu, Mihai ^b   Erlingsson, Úlfar ^b   Ligatti, Jay ^c  

^a University of California Santa Cruz   (United States)

^b MICROSOFT RESEARCH   (United States)

^c Princeton University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CONTROL FLOW INTEGRITY (CFI); CONTROL PROGRAMS; HYPOTHESES; STATIC POLICY;

COMPUTER PROGRAMMING; COMPUTER SCIENCE; CONTROL SYSTEMS; DYNAMIC PROGRAMMING; FORMAL LOGIC; SOFTWARE ENGINEERING;

DATA FLOW ANALYSIS;

EID: 33646765787     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11576280_9     Document Type: Conference Paper

References (21)

1. M. Abadi. Protection in programming-language translations. In K.G. Larsen, S. Skyum, and G. Winskel, editors, Proceedings of the 25th International Colloquium on Automata, Languages and Programming, volume 1443 of Lecture Notes in Computer Science, pages 868-883. Springer-Verlag, 1998.
2. Also Digital Equipment Corporation Systems Research Center report No. 154, April 1998.
3. M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. In Proceedings of the ACM Conference on Computer and Communications Security, 2005. A preliminary version appears as Microsoft Research Technical Report MSR-TR-05-18, February 2005.
4. M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Further formal material on CFI and SMAC. Manuscript, available at http://research.microsoft. com/research/sv/gleipnir, 2005.
5. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the Usenix Security Symposium, pages 63-78, 1998.
6. U. Erlingsson and F.B. Schneider. SASI enforcement of security policies: A retrospective. In Proceedings of the New Security Paradigms Workshop, pages 87-95, 1999.
7. N. Hamid, Z. Shao, V. Trifonov, S. Monnier, and Z, Ni. A Syntactic Approach to Foundational Proof-Carrying Code. Technical Report YALEU/DCS/TR-1224, Dept. of Computer Science, Yale University, 2002.
8. J. Ligatti, L. Bauer, and D. Walker. Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security, 4(1-2):2-16, February 2005.
9. Microsoft Corporation. Changes to functionality in Microsoft Windows XP SP2: Memory protection technologies, 2004. http://www.microsoft.com/technet/ prodtechnol/winxppro/maintain/sp2mempr.mspx.
10. G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):527-568, 1999.
11. G. Necula. Proof-carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages, pages 106-119, January 1997.
12. PaX Project. The PaX project, 2004. http://pax.grsecurity.net/.
13. J. Pincus and B. Baker. Beyond stack smashing: Recent advances in exploiting buffer overruns. IEEE Security and Privacy, 2(4):20-27, 2004.
14. O. Ruwase and M.S. Lam. A practical dynamic buffer overflow detector. In Proceedings of Network and Distributed System Security Symposium, pages 159-169, 2004.
15. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of the ACM Conference on Computer and Communications Security, pages 298-307, 2004.
16. A. Srivastava, A. Edwards, and H. Vo. Vulcan: Binary transformation in a distributed environment. Technical Report MSR-TR-2001-50, Microsoft Research, 2001.
17. A. Srivastava and A. Eustace. ATOM: A system for building customized program analysis tools. Technical Report WRL Research Report 94/2, Digital Equipment Corporation, 1994.
18. G.E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, pages 85-96, 2004.
19. R. Wahbe, S. Lucco, T.E. Anderson, and S.L. Graham. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 27(5):203-216, 1993.
20. J. Wilander and M. Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proceedings of the Network and Distributed System Security Symposium, pages 149-162, 2003.
21. J. Xu, Z. Kalbarczyk, and R.K. Iyer. Transparent runtime randomization for security. In Proceedings of the Symposium on Reliable and Distributed Systems, pages 260-269, 2003.