
Secure program execution via dynamic information flow tracking

Published: 07 October 2004

Abstract

We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information.

Every security attack to take control of a program needs to transfer the program's control to malevolent code. In our approach, the operating system identifies a set of input channels as spurious, and the processor tracks all information flows from those inputs. A broad range of attacks are effectively defeated by checking the use of the spurious values as instructions and pointers.

Our protection is transparent to users or application programmers; the executables can be used without any modification. Also, our scheme only incurs, on average, a memory overhead of 1.4% and a performance overhead of 1.1%.
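A minimal software model of the mechanism the abstract describes, added here as an illustration and not taken from the paper: each word carries one tag bit, words read from an untrusted input channel are tagged, and a tagged value is refused as a jump target. The memory layout, the propagation rule for addition, and all names and addresses are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model: every word carries one tag bit (1 = derived from untrusted I/O). */
typedef struct { uint32_t val; uint8_t tag; } word_t;

enum { MEM_WORDS = 16, BUF = 0, BUF_WORDS = 4, SAVED_RA = 4 };
enum { RUN_OK = 0, TRAP_TAINTED_JUMP = 1 };

static word_t mem[MEM_WORDS];

/* Input channel marked spurious by the OS: stored words get tag = 1. */
static void io_read(size_t addr, uint32_t v) { mem[addr] = (word_t){ v, 1 }; }

/* Value produced by the program itself: tag = 0. */
static void store_clean(size_t addr, uint32_t v) { mem[addr] = (word_t){ v, 0 }; }

/* ALU rule (assumed): the result is tagged if either operand is. */
static word_t add(word_t a, word_t b) {
    return (word_t){ a.val + b.val, (uint8_t)(a.tag | b.tag) };
}

/* Check at use: a tagged value may not become the next program counter. */
static int jump_indirect(word_t target, uint32_t *pc) {
    if (target.tag) return TRAP_TAINTED_JUMP;
    *pc = target.val;
    return RUN_OK;
}

/* Simulated callee: copies n input words into a 4-word buffer with no
 * bounds check (the modelled bug), then returns via the saved address. */
int run_call(const uint32_t *input, size_t n, uint32_t *pc) {
    store_clean(SAVED_RA, 0x400100u);          /* constructed return address */
    if (n > MEM_WORDS) n = MEM_WORDS;          /* keep the simulator in bounds */
    for (size_t i = 0; i < n; i++) io_read(BUF + i, input[i]);
    return jump_indirect(mem[SAVED_RA], pc);
}

/* Tagged data used only as data (a sum) is allowed; the result stays tagged. */
int sum_tag(size_t n) {
    word_t acc = { 0, 0 };
    for (size_t i = 0; i < n && i < MEM_WORDS; i++) acc = add(acc, mem[BUF + i]);
    return acc.tag;
}
```

Input that fits the buffer leaves the saved return address untagged and the call returns normally; input that runs past the buffer tags the return address, and the return traps regardless of the value written there.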



Published In

ACM SIGPLAN Notices, Volume 39, Issue 11
ASPLOS '04
November 2004
283 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1037187

ASPLOS XI: Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
October 2004
296 pages
ISBN: 1581138040
DOI: 10.1145/1024393

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published in SIGPLAN Volume 39, Issue 11

Author Tags

1. buffer overflow
2. format string
3. hardware tagging
