Hardware-enforced fine-grained isolation of untrusted code

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2009, Pages 11-18

  Leontie, Eugen ^a   Bloom, Gedare ^a   Narahari, Bhagirath ^a   Simha, Rahul ^a   Zambreno, Joseph ^b  

^a The George Washington University   (United States)

^b Iowa State University   (United States)

Author keywords

Architectural support for security; Fine grained protection; Isolation; Memory protection; Software security

Indexed keywords

ARCHITECTURAL SUPPORT; BOOKKEEPING DATA; C FUNCTIONS; DENIAL OF SERVICE; MEMORY PROTECTION; OPEN SOURCE PROJECTS; PLUG-INS; SOFTWARE SECURITY; UNTRUSTED CODE; WORST CASE;

COMPUTER HARDWARE; NETWORK SECURITY; TRACE ANALYSIS;

COMPUTER SOFTWARE;

EID: 74049130873     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1655077.1655082     Document Type: Conference Paper

References (27)

1. D. Arora, S. Ravi, A. Raghunathan, and N. Jha. Architectural support for run-time validation of program data properties. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 15(5):546-559, 2007.
2. T. Austin, E. Larson, and D. Ernst. Simplescalar: An infrastructure for computer system modeling. Computer, Feb 2002.
3. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When good instructions go bad: Generalizing return-oriented programming to RISC. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2008.
4. O. Gelbart, P. Ott, B. Narahari, R. Simha, A. Choudhary, and J. Zambreno. CODESSEAL: A compiler/FPGA approach to secure applications. In Proceedings of the IEEE Conference on Intelligence and Security Informatics (ISI), 2005.
5. C. Grier, S. Tang, and S. T. King. Secure web browsing with the OP web browser. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), pages 402-416, 2008.
6. M. Guthaus, J. Ringenberg, D. Ernst, T. Austin, T. Mudge, and R. Brown. MiBench: A free, commercially representative embedded benchmark suite. In Proceedings of the IEEE Workshop on Workload Characterization, 2001.
7. G. Hunt, C. Hawblitzel, O. Hodson, J. Larus, B. Steensgaard, and T. Wobber. Sealing OS processes to improve dependability and safety. In Proceedings of the European Conference on Computer Systems (EuroSys), Mar. 2007.
8. G. Hunt and J. Larus. Singularity: Rethinking the software stack. ACM SIGOPS Operating Systems Review, 41(2):37-49, Apr. 2007.
9. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the Usenix Annual Technical Conference, pages 275-288, June 2002.
10. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the USENIX Security Symposium, 2002.
11. E. Leontie, G. Bloom, B. Narahari, R. Simha, and J. Zambreno. Hardware containers for software components: A trusted platform for COTS-based systems. In Proceedings of the IEEE/IFIP International Symposium on Trusted Computing and Communications (TrustCom), Aug. 2009.
12. D. Lie, C. Thekkath, M. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. In Proceedings of the International Symposium on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Nov. 2000.
13. P. Loscocco, S. Smalley, P. Muckelbauer, R. Taylor, S. J. Turner, and J. Farrell. The inevitability of failure: The flawed assumption of security in modern computing environments. In Proceedings of the 21st National Information Systems Security Conference, pages 303-314, 1998.
14. J. Manke and J. Wu. Data-intensive system benchmark suite analysis and specification. Atlantic Aerospace Electronics Corp, 1999.
15. Mozilla Corporation. Firefox add-ons. https://addons.mozilla.org/, 2009.
16. J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, 1975.
17. W. Shi, J. Fryman, G. Gu, H. Lee, Y. Zhang, and J. Yang. InfoShield: a security architecture for protecting information usage in memory. In Proceedings of the International Symposium on High-Performance Computer Architecture, pages 222-231, 2006.
18. W. Shi, C. Lu, and H. Lee. Memory-Centric security architecture. In Proceedings of the International Conference on High Performance Embedded Architectures and Compilers (HiPEAC), pages 153-168, 2005.
19. E. Spitznagel, D. Taylor, and J. Turner. Packet classification using extended TCAMs. In Proceedings of IEEE International Conference on Network Protocols (ICNP), 2003.
20. M. Swift, B. Bershad, and H. Levy. Improving the reliability of commodity operating systems. ACM Transactions on Computer Systems, 22(4), 2004.
21. The Apache Software Foundation. Apache httpd modules. http://httpd.apache.org/modules/, 2009.
22. D. Turner. Symantec internet security threat report: Trends for January - June 2007. Tech. report, Symantec Inc., 2007.
23. D. Wagner. Janus: An approach for confinement of untrusted applications. Technical Report CSD-99-1056, UC Berkeley, 1999.
24. E. Witchel, J. Cates, and K. Asanovíc. Mondrian memory protection. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 304-316, 2002.
25. E. Witchel, J. Rhee, and K. Asanovíc. Mondrix: memory isolation for linux using mondriaan memory protection. SIGOPS Operating Systems Review, 39(5):31-44, 2005.
26. M. Wolczko. Benchmarking Java with Richards and DeltaBlue. available at http://research.sun.com/people/mario/java-benchmarking, 2006.
27. S. Zdancewic, L. Zheng, N. Nystrom, and A. Myers. Secure program partitioning. ACM Transactions on Computer Systems, 20(3), Aug. 2002.