Article

XFI: software guards for system address spaces

Authors:

George C. NeculaAuthors Info & Claims

OSDI '06: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7

Page 6

Published: 06 November 2006 Publication History

Publisher Site

Abstract

XFI is a comprehensive protection system that offers both flexible access control and fundamental integrity guarantees, at any privilege level and even for legacy code in commodity systems. For this purpose, XFI combines static analysis with inline software guards and a two-stack execution model. We have implemented XFI for Windows on the x86 architecture using binary rewriting and a simple, stand-alone verifier; the implementation's correctness depends on the verifier, but not on the rewriter. We have applied XFI to software such as device drivers and multimedia codecs. The resulting modules function safely within both kernel and user-mode address spaces, with only modest enforcement overheads.

Cited By

View all

Li JMiller SZhuo DChen AHowell JAnderson TAngel SKasikci BKohler E(2021)An incremental path towards a safer OS kernelProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465277(183-190)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465277
Sani AAnderson T(2019)The Case for I/O-Device-as-a-ServiceProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3317550.3321446(66-72)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3317550.3321446
Miller SZhang KZhuo DXu SKrishnamurthy AAnderson T(2019)Practical Safe Linux Kernel ExtensibilityProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3317550.3321429(170-176)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3317550.3321429
Show More Cited By

Index Terms

Recommendations

XFI: software guards for system address spaces
OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation

XFI is a comprehensive protection system that offers both flexible access control and fundamental integrity guarantees, at any privilege level and even for legacy code in commodity systems. For this purpose, XFI combines static analysis with inline ...
Linux on HP Integrity Servers
Ubuntu 7.10 linux® unleashed, third edition

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

OSDI '06: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7

November 2006

53 pages

Publisher

USENIX Association

United States

Publication History

Published: 06 November 2006

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

89
Total Citations
View Citations
7
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Li JMiller SZhuo DChen AHowell JAnderson TAngel SKasikci BKohler E(2021)An incremental path towards a safer OS kernelProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465277(183-190)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465277
Sani AAnderson T(2019)The Case for I/O-Device-as-a-ServiceProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3317550.3321446(66-72)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3317550.3321446
Miller SZhang KZhuo DXu SKrishnamurthy AAnderson T(2019)Practical Safe Linux Kernel ExtensibilityProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3317550.3321429(170-176)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3317550.3321429
Kwon DYi HCho YPaek Y(2019)Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege SeparationACM Transactions on Privacy and Security10.1145/330969822:2(1-30)Online publication date: 26-Feb-2019
https://dl.acm.org/doi/10.1145/3309698
Williams DKoller RLucina MPrakash N(2018)Unikernels as ProcessesProceedings of the ACM Symposium on Cloud Computing10.1145/3267809.3267845(199-211)Online publication date: 11-Oct-2018
https://dl.acm.org/doi/10.1145/3267809.3267845
Narayan ACangialosi FRaghavan DGoyal PNarayana SMittal RAlizadeh MBalakrishnan HGorinsky STapolcai J(2018)Restructuring endpoint congestion controlProceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication10.1145/3230543.3230553(30-43)Online publication date: 7-Aug-2018
https://dl.acm.org/doi/10.1145/3230543.3230553
Zieris PHorsch JKim JAhn GKim SKim YLopez JKim T(2018)A Leak-Resilient Dual Stack Scheme for Backward-Edge Control-Flow IntegrityProceedings of the 2018 on Asia Conference on Computer and Communications Security10.1145/3196494.3196531(369-380)Online publication date: 29-May-2018
https://dl.acm.org/doi/10.1145/3196494.3196531
Koning KChen XBos HGiuffrida CAthanasopoulos E(2017)No Need to HideProceedings of the Twelfth European Conference on Computer Systems10.1145/3064176.3064217(437-452)Online publication date: 23-Apr-2017
https://dl.acm.org/doi/10.1145/3064176.3064217
Cho YKwon DPaek Y(2017)Instruction-Level Data Isolation for the Kernel on ARMProceedings of the 54th Annual Design Automation Conference 201710.1145/3061639.3062267(1-6)Online publication date: 18-Jun-2017
https://dl.acm.org/doi/10.1145/3061639.3062267
Hawkins BDemsky BUchitel SOrso ARobillard M(2017)ZenIDSProceedings of the 39th International Conference on Software Engineering10.1109/ICSE.2017.29(232-243)Online publication date: 20-May-2017
https://dl.acm.org/doi/10.1109/ICSE.2017.29
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations