Fides: Selectively hardening software application components against kernel-level or process-level malware

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 2-13

  Strackx, Raoul ^a   Piessens, Frank ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

Fully abstract compilation; Secure execution; Trusted computing

Indexed keywords

API DESIGN; COMMODITY OPERATING SYSTEMS; FULLY ABSTRACT COMPILATION; FULLY PROTECTED; LINES OF CODE; MALWARES; PERFORMANCE COSTS; RUNTIMES; SECURE EXECUTION; SECURITY ARCHITECTURE; SHEER SIZE; SOFTWARE APPLICATIONS; SOFTWARE MODULES; SOURCE CODES; TRUSTED COMPUTING;

BENCHMARKING; C (PROGRAMMING LANGUAGE); COMPUTER CRIME; COMPUTER SOFTWARE;

SECURITY OF DATA;

EID: 84869412964     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382200     Document Type: Conference Paper

References (40)

1. Abadi, M., and Plotkin, G. D. On protection by layout randomization. In Computer Security Foundations Symposium (CSF) (2010), pp. 337-351.
2. Agten, P., Strackx, R., Jacobs, B., and Piessens, F. Secure compilation to modern processors. In Computer Security Foundations Symposium (2012), pp. 171-185.
3. Appel, A. W. Compiling with Continuations. Cambridge University Press, New York, NY, USA, 2007.
4. Azab, A., Ning, P., and Zhang, X. Sice: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In Proceedings of the 18th ACM conference on Computer and communications security (2011), ACM, pp. 375-388.
5. Chen, X., Garfinkel, T., Lewis, E. C., Subrahmanyam, P., Waldspurger, C. A., Boneh, D., Dwoskin, J., and Ports, D. R. K. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In ASPLOS (2008).
6. Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., and Tobies, S. Vcc: A practical system for verifying concurrent c. In Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics (Berlin, Heidelberg, 2009), TPHOLs '09, Springer-Verlag, pp. 23-42.
7. Datta, A., Franklin, J., Garg, D., and Kaynar, D. A logic of secure systems and its application to trusted computing. In 30th IEEE Symposium on Security and Privacy (2009), IEEE, pp. 221-236.
8. Dolev, D., and Yao, A. C. On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (1983), 198-208.
9. El Defrawy, K., Aurélien Francillon, D., and Tsudik, G. Smart: Secure and minimal architecture for (establishing a dynamic) root of trust. In Proceedings of the Network & Distributed System Security Symposium (NDSS), San Diego, CA (2012).
10. England, P., Lampson, B., Manferdelli, J., and Willman, B. A trusted open platform. Computer 36, 7 (July 2003), 55-62.
11. Erlingsson, Ú. Low-level software security: Attacks and defenses. Foundations of Security Analysis and Design IV (2007), 92-134.
12. Erlingsson, U., Younan, Y., and Piessens, F. Low-level software security by example. In Handbook of Information and Communication Security. Springer, 2010.
13. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., and Boneh, D. Terra: A virtual machine-based platform for trusted computing. ACM SIGOPS Operating Systems Review 37, 5 (2003), 193-206.
14. Kauer, B. Oslo: improving the security of trusted computing. In SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (Berkeley, CA, USA, 2007), USENIX Association, pp. 1-9.
15. King, S., Chen, P., Wang, Y., Verbowski, C., Wang, H., and Lorch, J. SubVirt: Implementing malware with virtual machines. IEEE Symposium on Security and Privacy (Oakland) (2006).
16. Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., et al. seL4: Formal verification of an OS kernel. In Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles (2009), ACM, pp. 207-220.
17. Longley, D., and Rigby, S. An automatic search for security flaws in key management schemes. Computers & Security 11, 1 (1992), 75-89.
18. Martignoni, L., Paleari, R., and Bruschi, D. Conqueror: tamper-proof code execution on legacy systems. In Proceedings of the 7th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) (July 2010), Lecture Notes in Computer Science, Springer, pp. 21-40. Bonn, Germany.
19. Martignoni, L., Poosankam, P., Zaharia, M., Han, J., McCamant, S., Song, D., Paxson, V., Perrig, A., Shenker, S., and Stoica, I. Cloud terminal: Secure access to sensitive applications from untrusted systems.
20. McCune, J. M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., and Perrig, A. TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the IEEE Symposium on Security and Privacy (May 2010).
21. McCune, J. M., Parno, B., Perrig, A., Reiter, M. K., and Isozaki, H. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the ACM European Conference in Computer Systems (EuroSys) (Apr. 2008), ACM, pp. 315-328.
22. McCune, J. M., Perrig, A., and Reiter, M. K. Safe passage for passwords and other sensitive data. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS) (Feb. 2009).
23. One, A. Smashing the stack for fun and profit. Phrack magazine 7, 49 (1996).
24. Parno, B., Lorch, J. R., Douceur, J. R., Mickens, J., and McCune, J. M. Memoir: Practical state continuity for protected modules. In Proceedings of the IEEE Symposium on Security and Privacy (May 2011).
25. Parno, B., Mccune, J. M., and Perrig, A. Bootstrapping trust in commodity computers. In In Proceedings of the IEEE Symposium on Security and Privacy (2010).
26. Reynolds, J. Definitional interpreters for higher-order programming languages. In proceedings 25th ACM National Conference (1972), pp. 717-740.
27. Rutkowska, J. Subverting VistaTM Kernel For Fun And Profit. Black Hat Briefings (2006).
28. Sahita R, Warrier U., D. P. Protecting Critical Applications on Mobile Platforms. Intel Technology Journal 13 (2009), 16-35.
29. Saltzer, J., and Schroeder, M. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (1975), 1278-1308.
30. Seshadri, A., Luk, M., Qu, N., and Perrig, A. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles (2007), ACM, pp. 335-350.
31. Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., and Khosla, P. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In Proceedings of ACM Symposium on Operating Systems Principles (SOSP) (Oct. 2005), ACM, pp. 1-15.
32. Shacham, H. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security (New York, NY, USA, 2007), CCS '07, ACM, pp. 552-561.
33. Singaravelu, L., Pu, C., Härtig, H., and Helmuth, C. Reducing tcb complexity for security-sensitive applications: three case studies. In EuroSys '06: Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006 (New York, NY, USA, 2006), ACM, pp. 161-174.
34. Strackx, R., Piessens, F., and Preneel, B. Efficient Isolation of Trusted Subsystems in Embedded Systems. Security and Privacy in Communication Networks (2010), 344-361.
35. Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., and Walter, T. Breaking the memory secrecy assumption. In Proceedings of the Second European Workshop on System Security (2009), ACM, pp. 1-8.
36. Ta-Min, R., Litty, L., and Lie, D. Splitting interfaces: Making trust between applications and operating systems configurable. In Proceedings of the 7th symposium on Operating systems design and implementation (2006), USENIX Association, pp. 279-292.
37. Thekkath, D. L. C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., and Horowitz, M. Architectural support for copy and tamper resistant software. SIGOPS Oper. Syst. Rev. 34 (November 2000), 168-177.
38. Williams, P., and Boivie, R. Cpu support for secure executables. Trust and Trustworthy Computing (2011), 172-187.
39. Younan, Y., Joosen, W., and Piessens, F. Code injection in c and c++ : A survey of vulnerabilities and countermeasures. Tech. rep., Department of Computer Science, KULeuven, 2004.
40. Zhou, Z., Gligor, V., Newsome, J., and McCune, J. Building verifiable trusted path on commodity x86 computers. In IEEE Symposium on Security and Privacy (2012).