Raksha: A flexible information flow architecture for software security

Proceedings - International Symposium on Computer Architecture

Volumn , Issue , 2007, Pages 482-493

  Dalton, Michael ^a   Kannan, Hari ^a   Kozyrakis, Christos ^a  

^a Stanford University   (United States)

Author keywords

Dynamic; Semantic vulnerabilities; Software security

Indexed keywords

DYNAMIC INFORMATION FLOW TRACKING (DIFT); SEMANTIC VULNERABILITIES; SOFTWARE SECURITY;

BUFFER STORAGE; COMPUTER OPERATING SYSTEMS; DATA TRANSFER; SECURITY OF DATA; SEMANTICS; SOFTWARE RELIABILITY;

COMPUTER ARCHITECTURE;

EID: 35348907867     PISSN: 10636897     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1250662.1250722     Document Type: Conference Paper

References (28)

1. CERT Coordination Center. Overview of attack trends. http://www.cert.org/ archive/pdf/attack_trends.pdf, 2002.
2. S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and R. K. Iyer. Defeating Memory Corruption Attacks via Pointer Ikintedness Detection. In the Proceedings of the International Conference on Dependable Systems and Networks (DSN), Yokohama, Japan, June 2005.
3. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-Control-Data Attacks Are Realistic Threats. In the Proceedings of the 14th USENIX Securiry Symposium, Baltimore, MD, Aug. 2005.
4. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding Data Lifetime via Whole system Simulation. In the Proceedings of the 13th USENIX Security Conference, Aug. 2004.
5. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of internet worms. In the Proceedings of the 20th ACM Symposium on Operating Systems Principles, Brighton, UK, Oct. 2005.
6. J. R. Crandall and F. T. Chong. MINOS: Control Data Attack Prevention Orthogonal to Memory Model. In the Proceedings of the 37th Intl. Symposium on Microarchitecture, Portland, OR, Dec. 2004.
7. Cross-Compiled Linux From Scratch. http://cross-lfs.org.
8. M. Dalton, H. Kannan, and C. Kozyrakis. Deconstructing Hardware Architectures for Security. In the 5th Annual Workshop on Duplicating, Deconstructing, and Debunking, Boston, MA, June 2006.
9. D. E. Denning and P. J. Denning. Certification of programs for secure information flow. ACM Communications, 20(7), 1977.
10. T. Garfinkel, B. Pfaff, and M. Rosenblum. Ostia: A Delegating Architecture for Secure System Call Interposition. In the Proceedings of the 11th Network and Distributed Systems Security Symposium, San Diego, CA, Feb. 2004.
11. Imperva Inc., How Safe is it Out There: Zeroing in on the vulnerabilities of application security, http://www.impervaom/company/news/2004-feb-02.html, 2004.
12. LEON3 SPARC Processor, http://www.gaisler.com.
13. B. Livshits, M. Martin, and M. S. Lam. SecuriFly: Runtime Protection and Recovery from. Web Application Vulnerabilities. Technical report, Stanford University, Sept. 2006.
14. J. Newsome and D. X. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In the Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, Feb. 2005.
15. A. Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically Hardening Web Applications using Precise Tainting. In Proceedings of the 20th IFIP Intl. Information Security Conference, Chiba, Japan, May 2005.
16. OpenBSD IPv6 mbuf remote kernel buffer overflow. http://www. aecurityfocus.com/archive/1/462728/30/0/threaded, 2007.
17. Perl taint mode, http://www.per1.com.
18. T. Pietraszek and C. V. Berghe. Defending against Injection Attacks through Context-Sensitive String Evaluation. In the Proceedings of the Recent Advances in Intrusion Detection Symposium, Seattle, WA, Sept. 2005.
19. President's Information Technology Advisory Committee (PITAC). CyberSecurity: A Crisis of Prioritization. http://www.nitrd.gov/pitac/reports/ 20050301\_cybersecurity/cybersecurity.pdf, Feb. 2005.
20. N. Provos. Improving Host Security with System Call Policies. In the Proceedings of the 12th USENIX Security Symposium, Washington, DC, Aug. 2003.
21. F. Qin, C. Wang, Z. Li, H. seop Kim, Y. Zhou, and Y Wu. LIFT A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks. In the Proceedings of the 39th the Intl. Symposium on Microarchitecture, Orlando, FL, Dec. 2006.
22. W. Shi, H.-H. Lee, G. Gu, L. Falk, T. Mudge, and M. Ghosh. InfoShield: A Security Architecture for Protecting Information Usage in Memory. In Proceedings of the 12th Intl. Symposium on High-Performance Computer Architecture, Austin, TX, Feb. 2006.
23. Z. Su and G. Wassermann. The Essence of Command Injection Attacks in Web Applications. In the Proceedings of the 33rd Symposium on Principles of Programming Languages, 2006.
24. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure Program Execution via Dynamic Information Flow Tracking. In the Proceedings of the 11th Intl. Conference on Architectural Support for Programming Languages and Operating Systems, Boston, MA, Oct. 2004.
25. M. M. Swift, B. N. Bershad, and H. M. Levy. Improving the reliability of commodity operating systems. ACM Trans. Computer Systems, 23(1), 2005.
26. Symantec Internet Security Threat Report, Volume X: Trends for January 06 - June 06, Sept. 2006.
27. N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. RIFLE: An Architectural Framework for User-Centric Information-Flow Security. In the Proceedings of the 37th Intl. Symposium on Microarchitecture, Portland, OR, Dec. 2004.
28. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach, to defeat a wide range of attacks. In the Proceedings of the 15th USENIX Security Conference, Vancouver, Canada, Aug. 2006.