Architectural support for run-time validation of program data properties

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Volumn 15, Issue 5, 2007, Pages 546-559

  Arora, Divya ^b   Ravi, Srivaths ^a,c   Raghunathan, Anand ^a,d   Jha, Niraj K ^a,b  

^a IEEE

^b Princeton University   (United States)

^c TEXAS INSTRUMENTS   (India)

^d NEC LABORATORIES AMERICA   (United States)

Author keywords

Embedded processors; Processor architectures; Security and protection; Special purpose and application based systems

Indexed keywords

BENCHMARKING; COMPUTER AIDED DESIGN; COMPUTER ARCHITECTURE; EMBEDDED SYSTEMS; SECURITY OF DATA; STORAGE ALLOCATION (COMPUTER);

EMBEDDED PROCESSORS; PROCESSOR ARCHITECTURES; SECURITY AND PROTECTION; SPECIAL-PURPOSE AND APPLICATION-BASED SYSTEMS;

PROGRAM PROCESSORS;

EID: 34249779582     PISSN: 10638210     EISSN: None     Source Type: Journal    
DOI: 10.1109/TVLSI.2007.896913     Document Type: Article

References (35)

1. CERT Coordination Center, Washington, DC, "Vulnerability notes database," (2006). [Online], Available: http://nvd.nist.gov/statistics.cfm
2. NIST, Washington, DC, "ICAT statistics," [Online]. Available: http://icat.nist.gov/icat.cfm?function=statistics
3. P. Kocher, R. B. Lee, G. McGraw, A. Raghunathan, and S. Ravi, "Security as a new dimension in embedded system design," in Proc. ACM/ IEEE Design Autom. Conf., 2004. pp. 753-760.
4. H. Chang and M. J. Atallah, "Protecting software code by guards," in Proc. Revised Papers ACM CCS-8 Workshop Security Privacy Digit. Rights Manag., 2001, pp. 160-175.
5. V. Kiriansky, D. Bruening, and S. P. Amarasinghe, "Secure execution via program shepherding," in Proc. USENIX Security Symp., 2002, pp. 191-206.
6. D. Arora, S. Ravi, A. Raghunathan, and N. K. Jha, "Secure embedded processing through hardware-assisted run-time monitoring," in Proc. Design, Autom. Test Eur., 2005, pp. 178-183.
7. J. L. Hennessy and D. A. Patterson, Computer Architecture: A Quantitative Approach. Menlo Park, CA: Morgan Kaufmann, 1996.
8. M. Howard and D. LeBlanc, Writing Secure Code. Redmond, WA: Microsoft Press, 2002.
9. W. Stallings, Cryptography and Network Security: Principles and Practice. Englewood Cliffs, NJ: Prentice-Hall, 1998.
10. C. Cowan et al., "Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks," in Proc. USENIX Security Symp., 1998, pp. 63-77.
11. "Non-executable user stack," [Online]. Available: http://www.openwall.com/linux
12. C. Fetzer and Z. Xiao, "Detecting heap buffer overflow through fault containment wrappers," in Proc. Symp. Reliable. Distributed Syst., 2001, pp. 80-89.
13. K. Avijit, P. Gupta, and D. Gupta, "TIED, libsafeplus: Tools for runtime buffer overflow protection," in Proc. USENIX Security Symp., 2004, pp. 45-56.
14. W. Robertson, C. Kruegel, D. Mutz, and F. Valeur, "Run-time detection of heap-based overflows," in Proc. USENIX Large Installation Syst. Administration Conf., 2003, pp. 51-60.
15. R. Hastings and B. Joyce, "Purify: Fast detection of memory leaks and access errors," in Proc. Winter USENIX Conf., 1992, pp. 125-136.
16. Valgrind Project, "Valgrind," (2007). [Online]. Available: http://valgrind.kde.org/index.html
17. G. McGraw and E. W. Felten, Java Security: Hostile Applets, Holes, and Antidotes. New York: Wiley, 1996.
18. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang, "Cyclone: A safe dialect of C," in Proc. USENIX Annu. Techn. Conf., 2002, pp. 275-288.
19. G. C. Necula, S. McPeak, and W. Weimer, "CCured: Type-safe retrofitting of legacy code," in Proc. Symp. Principles Program. Languages, 2002, pp. 128-139.
20. S. H. Yong and S. Horwitz, "Protecting C programs from attacks via invalid pointer dereferences," in Proc. Eur. Softw. Eng. Conf. Held Jointly with 11th ACM SIGSOFT Int. Symp. Foundations Softw. Eng., 2003, pp. 307-316.
21. A. Loginov, S. H. Yong, S. Horwitz, and T. W. Reps, "Debugging via run-time type checking," in Proc. Int. Conf. Fundamental Approaches Softw. Eng., 2001, pp. 217-232.
22. R. W. M. Jones and P. H. J. Kelly, "Backwards-compatible bounds checking for arrays and pointers in C programs," in Proc. Int. Workshop Autom. Algorithmic Debugging, 1997, pp. 13-26.
23. O. Ruwase and M. Lam, "A practical dynamic buffer overflow detector," in Proc. Netw. Distrib. Syst. Security Symp., 2004, pp. 159-169.
24. T. M. Austin, S. E. Breach, and G. S. Sohi, "Efficient detection of all pointer and array access errors," in Proc. SIGPLAN Conf. Program. Language Design Implementation, 1994, pp. 290-301.
25. D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. C. Mitchell, and M. Horowitz, "Architectural support for copy and tamper resistant software," in Proc. Int. Conf. Arch. Support for Progmm. Languages Operat. Syst., 2000, pp. 168-177.
26. G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, "AEGIS: Architecture for tamper-evident and tamper-resistant processing," in Proc. Int. Conf. Supercomput., 2003, pp. 160-171.
27. D. Brumley and D. Song, "Privtrans: Automatically partitioning programs for privilege separation," in Proc. USENIX Security Symp., 2004, pp. 57-72.
28. G. E. Suh, J. Lee, and S. Devadas, "Secure program execution via dynamic information flow tracking," in Proc. Int. Conf. Arch. Support for Progmm. Languages Operat. Syst., 2004, pp. 85-96.
29. C. Lee, M. Potkonjak, and W. H. Mangione-Smith. "MediaBench: A tool for evaluating and synthesizing multimedia and communicatons systems," in Proc. Int. Symp. Microarch., 1997, pp. 330-335.
30. M. R. Guthaus, J. S. Ringenberg, D. Ernst, T. M. Austin, T. Mudge, and R. B. Brown, "Mibench: A free, commercially representative embedded benchmark suite," in Proc. Annu. Workshop Workload Characterization, 2001. pp. 3-14.
31. D. Burger and T. M. Austin, 'The SimpleScalar tool set," Comput. Sci. Dept., Univ. Wisconsin-Madison, Tech. Rep. 2-0, 1997.
32. Phrack, "Once upon a free()." [Online], Available: http://www.phrack.org/archives/57/p57-0x09
33. M. Frantzen and M. Shuey, "Stackghost: Hardware facilitated stack protection," in Proc. 10th USENIX Security Symp., 2001, pp. 55-66.
34. C. Cowan et al., "A toolkit for specializing production operating system code," Oregon Grad. Inst., Tech. Rep. CSE-97-004, 1997.
35. S. J. E. Wilton and N. P. Jouppi, "CACTI: An enhanced cache access and cycle time model," IEEE J. Solid State Circuits, vol. 31, no. 5, pp. 677-688, May 1996.