Parallelizing security checks on commodity hardware

ACM SIGPLAN Notices

Volumn 43, Issue 3, 2008, Pages 308-318

  Nightingale, Edmund B ^a,b   Peek, Daniel ^a   Chen, Peter M ^a   Flinn, Jason ^a  

^a MICROSOFT RESEARCH   (United States)

^b UNIVERSITY OF MICHIGAN   (United States)

Author keywords

Operating Systems; Parallel; Performance; Security; Speculative Execution

Indexed keywords

COMPUTER HARDWARE; COMPUTER OPERATING SYSTEMS; DATA FLOW ANALYSIS; HARDWARE SECURITY; INFORMATION ANALYSIS; SECURITY SYSTEMS;

COMMODITY HARDWARE; PARALLEL; PERFORMANCE; SECURITY; SECURITY CHECKS; SENSITIVE DATAS; SPECULATIVE EXECUTION; TAINT PROPAGATION;

COMPUTER VIRUSES;

EID: 67650085302     PISSN: 15232867     EISSN: None     Source Type: Journal    
DOI: 10.1145/1353536.1346321     Document Type: Article

References (34)

1. ClamAV: The clam anti-virus toolkit, 2007. http://www.clamav.net.
2. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In Proceedings of the 2005 USENIX Security Symposium, August 2005.
3. Thomas C. Bressoud and Fred B. Schneider. Hypervisor-based faulttolerance. In Proceedings of the 15th ACM Symposium on Operating Systems Principles, pages 1-11, Copper Mountain, CO, December 1995.
4. Miguel Castro, Manuel Costa, and Tim Harris. Securing software by enforcing data-flow integrity. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, pages 147-160, Seattle, WA, October 2006.
5. Fay Chang and Garth Gibson. Automatic I/O hint generation through speculative execution. In Proceedings of the 3rd Symposium on Operating Systems Design and Implementation, pages 1-14, New Orleans, LA, February 1999.
6. Shimin Chen, Babak Falsafi, Phillip B. Gibbons, Michael Kozuch, Todd C. Mowry, Radu Teodorescu, Anastassia Ailamaki, Limor Fix, Gregory R. Ganger, Bin Lin, and Steven W. Schlosser. Log-Based Architectures for General-Purpose Monitoring of Deployed Code. 2006 Workshop on Architectural and System Support for Improving Software Dependability, October 2006.
7. Jim Chow, Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. In Proceedings of the 2005 USENIX Security Symposium, pages 331-346, August 2005.
8. Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, and Paul Barham. Vigilante: end-to-end containment of internet worms. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, pages 133-147, Brighton, United Kingdom, October 2005.
9. George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza A. Basrai, and Peter M. Chen. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pages 211-224, Boston, MA, December 2002.
10. Keir Fraser and Fay Chang. Operating system I/O speculation: How two invocations are faster than one. In Proceedings of the 2003 USENIX Technical Conference, pages 325-338, San Antonio, TX, June 2003.
11. Alex Ho, Michael Fetterman, Christopher Clark, Andrew Warfield, and Steven Hand. Practical Taint-based Protection using Demand Emulation. In Proceedings of EuroSys 2006, 2006.
12. Jeffrey Katcher. PostMark: A new file system benchmark. Technical Report TR3022, Network Appliance, 1997. Tom Knight. An architecture for mostly functional languages. In Proceedings of the 1986 ACM conference on LISP and functional programming, pages 105-112, 1986.
13. Calvin Ko and Timothy Redmond. Noninterference and intrusion detection. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 177-187, May 2002.
14. Tong Li, Carla S. Ellis, Alvin R. Lebeck, and Daniel J. Sorin. Pulse: A dynamic deadlock detection mechanism using speculative execution. In Proceedings of the 2005 USENIX Technical Conference, 31-44, April 2005.
15. Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In Programming Language Design and Implementation, pages 190-200, Chicago, IL, June 2005.
16. Yevgeniy Miretskiy, Abhijith Das, Charles P. Wright, and Erez Zadok. Avfs: An on-access anti-virus file system. In Proceedings of the 13th USENIX Security Symposium, pages 73-88, 2004.
17. Nicholas Nethercote and Julian Seward. Valgrind: A framework for heavy-weight dynamic binary instrumentation. In Proceedings of the Conference on Programming Language Design and Implementation 2007, San Diego, CA, June 2007.
18. James Newsome and Dawn Song. Dynamic taint analysis: Automatic detection, analysis, and signature generation of exploit attacks on commodity software. In In Proceedings of the 12th Network and Distributed Systems Security Symposium, February 2005.
19. Edmund B. Nightingale, Peter M. Chen, and Jason Flinn. Speculative execution in a distributed file system. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, pages 191-205, Brighton, United Kingdom, October 2005.
20. Edmund B. Nightingale, Kaushik Veeraraghavan, Peter M. Chen, and Jason Flinn. Rethink the sync. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, pages 1-14, Seattle, WA, October 2006.
21. Jeffrey Oplinger and Monica S. Lam. Enhancing software reliability using speculative threads. In Proceedings of the 2002 International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 184-196, October 2002.
22. Yoshihiro Oyama, Koichi Onoue, and Akinori Yonezawa. Speculative security checks in sandboxing systems. In Proceedings of the 2005 International Parallel and Distributed Processing Symposium (IPDPS), April 2005.
23. Harish Patil and Charles N. Fischer. Efficient Run-time Monitoring Using Shadow Processing. In Proceedings of the International Workshop on Automated and Algorithmic Debugging (AADEBUG), pages 119-132, May 1995.
24. Niels Provos. Improving host security with system call policies. In Proceedings of the 12th USENIX Security Symposium, Washington, D.C., August 2003.
25. Feng Qin, Joseph Tucek, Jagadeesan Sundaresan, and Yuanyuan Zhou. Rx: Treating bugs as allergies-a safe method to survive software failures. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, pages 235-248, Brighton, United Kingdom, October 2005.
26. Feng Qin, Cheng Wang, Zhenmin Li, Ho seop Kim, Yuanyuan Zhou, and Youfeng Wu. Lift: A low-overhead practical information flow tracking system for detecting general security attacks. In The 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO '06), Orlando, FL, 2006.
27. Gurindar S. Sohi, Scott E. Breach, and T. N. Vijaykumar. Multiscalar processors. In Proceedings of the 1995 International Symposium on Computer Architecture, June 1995.
28. J. Gregory Steffan and Todd C. Mowry. The potential for using thread-level data speculation to facilitate automatic parallelization. In Proceedings of the 1998 Symposium on High Performance Computer Architecture, February 1998.
29. G. T. Sullivan, D. L. Bruening, I. Baron, T. Garnett, and S. Amarasinghe. Dynamic native optimization of interpreters. In Proceedings of the Workshop on Interpreters, Virtual Machines and Emulators, 2003.
30. Peter Szor. The Art of Computer Virus Research and Defense. Addison Wesley, 2005.
31. Dean M. Tullsen, Susan J. Eggers, and Henry M. Levy. Simultaneous multithreading: Maximizing on-chip parallelism. In Proceedings of the 1995 International Symposium on Computer Architecture, June 1995.
32. David Wagner and Drew Dean. Intrusion detection via static analysis. In Proceedings of 2001 IEEE Symposium on Computer Security and Privacy2001, pages 156-169, 2001.
33. Min Xu, Rastislav Bodik, and Mark D. Hill. A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay. In Proceedings of the 2003 International Symposium on Computer Architecture, June 2003.
34. Pin Zhou, Feng Qin, Wei Liu, Yuanyuan Zhou, and Josep Torrellas. iWatcher: Efficient architectural support for software debugging. In Proceedings of the 2004 International Symposium on Computer Architecture, June 2004.