DOI: 10.5555/784592.784801
Article

Safe Virtual Execution Using Software Dynamic Translation

Published: 09 December 2002

Abstract

Safe virtual execution (SVE) allows a host computer system to reduce the risks associated with running untrusted programs. SVE prevents untrusted programs from directly accessing system resources, thereby giving the host the ability to control how individual resources may be used. SVE is used in a variety of safety-conscious software systems, including the Java Virtual Machine (JVM), software fault isolation (SFI), system call interposition layers, and execution monitors. While SVE is the conceptual foundation for these systems, each uses a different implementation technology. The lack of a unifying framework for building SVE systems results in a variety of problems: many useful SVE systems are not portable and therefore are usable only on a limited number of platforms; code reuse among different SVE systems is often difficult or impossible; and building SVE systems from scratch can be both time consuming and error prone.

To address these concerns, we have developed a portable, extensible framework for constructing SVE systems. Our framework, called Strata, is based on software dynamic translation (SDT), a technique for modifying binary programs as they execute. Strata is designed to be ported easily to new platforms and to date has been targeted to SPARC/Solaris, x86/Linux, and MIPS/IRIX. This portability ensures that SVE applications implemented in Strata are available to a wide variety of host systems. Strata also affords the opportunity for code reuse among different SVE applications by establishing a common implementation framework.

Strata implements a basic safe virtual execution engine using SDT. The base functionality supplied by this engine is easily extended to implement specific SVE systems. In this paper we describe the organization of Strata and demonstrate its extension by building two SVE systems: system call interposition and stack-smashing prevention. To illustrate the use of the system call interposition extensions, the paper presents implementations of several useful security policies.

Published In

ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference
December 2002
ISBN: 0769518281

Publisher

IEEE Computer Society

United States

Cited By

  • (2015) Obfuscator-LLVM. Proceedings of the 1st International Workshop on Software Protection, 10.5555/2821429.2821434 (3-9). Online publication date: 16-May-2015
  • (2013) Monitor integrity protection with space efficiency and separate compilation. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 10.1145/2508859.2516649 (199-210). Online publication date: 4-Nov-2013
  • (2012) Securing untrusted code via compiler-agnostic binary rewriting. Proceedings of the 28th Annual Computer Security Applications Conference, 10.1145/2420950.2420995 (299-308). Online publication date: 3-Dec-2012
  • (2012) Enforcing user-space privilege separation with declarative architectures. Proceedings of the seventh ACM workshop on Scalable trusted computing, 10.1145/2382536.2382541 (9-20). Online publication date: 15-Oct-2012
  • (2012) Protecting applications against TOCTTOU races by user-space caching of file metadata. ACM SIGPLAN Notices, 10.1145/2365864.2151052, 47:7 (215-226). Online publication date: 3-Mar-2012
  • (2012) Replacement attacks against VM-protected applications. ACM SIGPLAN Notices, 10.1145/2365864.2151051, 47:7 (203-214). Online publication date: 3-Mar-2012
  • (2012) Memory optimization of dynamic binary translators for embedded systems. ACM Transactions on Architecture and Code Optimization, 10.1145/2355585.2355595, 9:3 (1-29). Online publication date: 5-Oct-2012
  • (2012) Protecting applications against TOCTTOU races by user-space caching of file metadata. Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments, 10.1145/2151024.2151052 (215-226). Online publication date: 3-Mar-2012
  • (2012) Replacement attacks against VM-protected applications. Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments, 10.1145/2151024.2151051 (203-214). Online publication date: 3-Mar-2012
  • (2011) Enhanced heterogeneous code cache management scheme for dynamic binary translation. Proceedings of the 16th Asia and South Pacific Design Automation Conference, 10.5555/1950815.1950870 (231-236). Online publication date: 25-Jan-2011