DOI: 10.1109/MICRO.2006.33

Memory Protection through Dynamic Access Control

Published: 09 December 2006

Abstract

Current anomaly detection schemes focus on control flow monitoring. Recently, Chen et al. [2] discovered that a large category of attacks tamper with program data but do not alter control flow. These attacks are not only realistic, but also as important as classical attacks that tamper with control flow. Detecting these attacks is a critical issue but has received little attention so far. In this work, we propose an intrusion detection scheme with both compiler and micro-architecture support that detects data tampering directly. The compiler first identifies program regions in which the data should not be modified as per program semantics. The compiler then performs an analysis to determine the conditions for modification of variables in different program regions and conveys this information to the hardware, which checks data accesses against it. If the compiler asserts that the data should not be modified but there is an attempt to do so at runtime, an attack is detected. The compiler starts with a basic scheme that achieves maximum data protection but suffers from high performance overhead. We then attempt to reduce the performance overhead through different optimization techniques. Our experiments show that our scheme achieves strong memory protection with tight control over the performance degradation. Thus, our major contribution is to provide an efficient scheme to detect data tampering while minimizing the overhead.

References

[1] CERT Coordination Center. www.cert.org.
[2] S. Chen, J. Xu, E. C. Sezer, P. Gauriar and R. K. Iyer. "Non-Control-Data Attacks Are Realistic Threats". In Proc. USENIX Security Symposium, Baltimore, MD, August 2005.
[3] S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff. "A Sense of Self for Unix Processes". In S&P'96, 1996.
[4] D. Wagner, D. Dean. "Intrusion Detection via Static Analysis". In S&P'01, 2001.
[5] R. Sekar, M. Bendre, D. Dhurjati, P. Bollineni. "A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors". In S&P'01, 2001.
[6] H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, W. Gong. "Anomaly Detection Using Call Stack Information". IEEE Symposium on Security and Privacy, 2003.
[7] A. Kosoresow, S. Hofmeyr. "Intrusion Detection via System Call Traces". IEEE Software, 1997.
[8] C. Michael, A. Ghosh. "Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report". RAID 2000.
[9] D. Gao, M. K. Reiter, D. Song. "On Gray-Box Program Tracking for Anomaly Detection". 13th USENIX Security Symposium, August 2004.
[10] D. Gao, M. K. Reiter and D. Song. "Gray-Box Extraction of Execution Graphs for Anomaly Detection". The 11th ACM CCS conf., 2004.
[11] C. Krügel, D. Mutz, F. Valeur, G. Vigna. "On the Detection of Anomalous System Call Arguments". In Proceedings of ESORICS 2003, 2003.
[12] T. Zhang, X. Zhuang, S. Pande and W. Lee. "Anomalous Path Detection with Hardware Support". In CASES'05, 2005.
[13] D. Burger and T. M. Austin. "The SimpleScalar Tool Set Version 2.0".
[14] C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks". 7th USENIX Security Conf.
[15] D. Callahan and K. Kennedy. "Analysis of Interprocedural Side Effects in a Parallel Programming Environment". Journal of Parallel and Distributed Computing, 1988.
[16] B. Creusillet and F. Irigoin. "Exact vs. Approximate Array Region Analyses". In Lecture Notes in Computer Science, 1996.
[17] W. Pugh. "A Practical Algorithm for Exact Array Dependence Analysis". Communications of the ACM, 1992.
[18] R. Triolet, P. Feautrier, and F. Irigoin. "Direct Parallelism of Call Statements". ACM SIGPLAN Symposium on Compiler Construction, 1986.
[19] Y. Paek, J. Hoeflinger, and D. Padua. "Efficient and Precise Array Access Analysis". In TOPLAS, 2002.
[20] Mach-Suif Backend Compiler, The Machine-Suif 2.1 compiler documentation set. Harvard University, Sep. 2001. http://ececs.harvard.edu/hube/research/machsuif.html.
[21] J. Xu, P. Ning, C. Kil, Y. Zhai and C. Bookholt. "Automatic Diagnosis and Response to Memory Corruption Vulnerabilities". In CCS'05, 2005.
[22] E. Witchel, J. Cates, and K. Asanovic. "Mondrian Memory Protection". In ASPLOS-X, 2002.
[23] V. Kiriansky, D. Bruening, S. Amarasinghe. "Secure Execution Via Program Shepherding". In USENIX'02, 2002.
[24] J. Newsome and D. Song. "Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software". In NDSS '05, 2005.
[25] P. Zhou, W. Liu, F. Long, S. Lu, F. Qin, Y. Zhou, S. Midkiff and J. Torrellas. "AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-based Invariants". In Micro'04, 2004.
[26] S. Vlaovic, E. S. Davidson. "TAXI: Trace Analysis for X86 Interpretation". In ICCD'02, 2002.
[27] R. Wilson and M. Lam. "Efficient context-sensitive pointer analysis for C programs". In PLDI'95, 1995.

Cited By

  • (2011) Ribbons. ACM SIGPLAN Notices 46:10 (289-306). DOI: 10.1145/2076021.2048091. Online publication date: 22-Oct-2011
  • (2011) Ribbons. Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications (289-306). DOI: 10.1145/2048066.2048091. Online publication date: 22-Oct-2011


Information

Published In

MICRO 39: Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
December 2006
493 pages
ISBN: 0769527329

Publisher

IEEE Computer Society, United States

Acceptance Rates

MICRO 39 Paper Acceptance Rate 42 of 174 submissions, 24%;
Overall Acceptance Rate 484 of 2,242 submissions, 22%
