research-article

Open access

Protect the System Call, Protect (Most of) the World with BASTION

Authors:

Christopher Jelesnianski,

Mohannad Ismail,

Changwoo MinAuthors Info & Claims

ASPLOS 2023: Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3

Pages 528 - 541

https://doi.org/10.1145/3582016.3582066

Published: 25 March 2023 Publication History

Abstract

System calls are a critical building block in many serious security attacks, such as control-flow hijacking and privilege escalation attacks. Security-sensitive system calls (e.g., execve, mprotect), especially play a major role in completing attacks. Yet, few defense efforts focus to ensure their legitimate usage, allowing attackers to maliciously leverage system calls in attacks.

In this paper, we propose a novel System Call Integrity, which enforces the correct use of system calls throughout runtime. We propose three new contexts enforcing (1) which system call is called and how it is invoked (Call Type), (2) how a system call is reached (Control Flow), and (3) that arguments are not corrupted (Argument Integrity). Our defense mechanism thwarts attacks by breaking the critical building block in their attack chains.

We implement BASTION, as a compiler and runtime monitor system, to demonstrate the efficacy of the three system call contexts. Our security case study shows that BASTION can effectively stop all the attacks including real-world exploits and recent advanced attack strategies. Deploying BASTION on three popular system call-intensive programs, NGINX, SQLite, and vsFTPd, we show BASTION is secure and practical, demonstrating overhead of 0.60%, 2.01%, and 1.65%, respectively.

References

[1]

2022. 64-bit Linux Return Oriented Programming. https://crypto.stanford.edu/ blynn/rop/

[2]

2022. 64-bit ROP | You rule ‘em all!. https://0x00sec.org/t/64-bit-rop-you-rule-em-all/1937

[3]

2022. Analysis of Defenses against Return Oriented Programming. https://www.eit.lth.se/sprapport.php?uid=829/

[4]

2022. ARM exploitation - Defeating DEP - executing mprotect. https://blog.3or.de/arm-exploitation-defeating-dep-executing-mprotect.html

[5]

2022. Bypass DEP/NX and ASLR with Return Oriented Programming Technique. https://medium.com/4ndr3w/linux-x86-bypass-dep-nx-and-aslr-with-return-oriented-programming-ef4768363c9a/

[6]

2022. Bypassing non-executable memory, ASLR and stack canaries on x86-64 Linux. https://www.antoniobarresi.com/security/exploitdev/2014/05/03/64bitexploitation/

[7]

2022. Bypassing non-executable-stack during Exploitation (return-to-libc). https://www.exploit-db.com/papers/13204/

[8]

2022. Crashmail 1.6 - Stack-Based Buffer Overflow (ROP). https://www.exploit-db.com/exploits/44331/

[9]

2022. DBT-2. https://github.com/nuodb/dbt2

[10]

2022. dkftpbench v0.45. http://www.kegel.com/dkftpbench/

[11]

2022. Exploitation - Returning to libc. https://www.exploit-db.com/papers/13197/

[12]

2022. HT Editor 2.0.20 - Local Buffer Overflow (ROP). https://www.exploit-db.com/exploits/22683/

[13]

2022. Introduction to Return Oriented Programming (ROP). https://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html/

[14]

2022. NGINX Web Server. nginx.org/

[15]

2022. PHP 5.3.6 - Local Buffer Overflow (ROP). https://www.exploit-db.com/exploits/17486/

[16]

2022. PMS 0.42 - Local Stack-Based Overflow (ROP). https://www.exploit-db.com/exploits/44426/

[17]

2022. Return Oriented Programming and ROPgadget tool. http://shell-storm.org/blog/Return-Oriented-Programming-and-ROPgadget-tool/

[18]

2022. Return-Oriented-Programming (ROP FTW). http://www.exploit-db.com/docs/english/28479-return-oriented-programming-(rop-ftw).pdf

[19]

2022. ROP-CTF101. https://ctf101.org/binary-exploitation/return-oriented-programming/

[20]

2022. Simple ROP Exploit Example. https://gist.github.com/mayanez/c6bb9f2a26fa75261a9a26a0a637531b/

[21]

2022. vsftpd. http://www.kegel.com/dkftpbench/

[22]

Martín Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS). Alexandria, VA.

Digital Library

[23]

Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu. 2021. SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening. In 30th USENIX Security Symposium (USENIX Security 21).

[24]

Ioannis Agadakos, Di Jin, David Williams-King, Vasileios P Kemerlis, and Georgios Portokalidis. 2019. Nibbler: Debloating Binary Shared Libraries. In Proceedings of the 35th Annual Computer Security Applications Conference. 70–83.

Digital Library

[25]

Salman Ahmed, Ya Xiao, Kevin Z Snow, Gang Tan, Fabian Monrose, and Danfeng Yao. 2020. Methodologies for quantifying (Re-) randomization security and timing under JIT-ROP. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1803–1820.

Digital Library

[26]

Massimo Bernaschi, Emanuele Gabrielli, and Luigi V Mancini. 2000. Operating system enhancements to prevent the misuse of system calls. In Proceedings of the 7th ACM conference on Computer and communications security. 174–183.

Digital Library

[27]

Nathan Burow, Scott A Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, and Mathias Payer. 2017. Control-flow integrity: Precision, security, and performance. ACM Computing Surveys (CSUR), 50, 1 (2017), 16.

Digital Library

[28]

Nathan Burow, Xinping Zhang, and Mathias Payer. 2019. SoK: Shining Light on Shadow Stacks. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

[29]

Nicholas Carlini and David Wagner. 2014. ROP is Still Dangerous: Breaking Modern Defenses. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA.

[30]

Scott A Carr and Mathias Payer. 2017. Datashield: Configurable data confidentiality and integrity. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 193–204.

Digital Library

[31]

Miguel Castro, Manuel Costa, and Tim Harris. 2006. Securing software by enforcing data-flow integrity. In Proceedings of the 7th symposium on Operating systems design and implementation. 147–160.

Digital Library

[32]

Shuo Chen, Jun Xu, Emre Can Sezer, Prachi Gauriar, and Ravishankar K Iyer. 2005. Non-Control-Data Attacks Are Realistic Threats. In USENIX Security Symposium. 5.

[33]

Yueqiang Cheng, Zongwei Zhou, Yu Miao, Xuhua Ding, and Robert H Deng. 2014. ROPecker: A generic and practical approach for defending against ROP attack. Feb.

[34]

Stephen J Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, and Michael Franz. 2015. It’s a TRaP: Table Randomization and Protection Against Function-reuse Attacks. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[35]

Thurston H.Y. Dang, Petros Maniatis, and David Wagner. 2015. The Performance Cost of Shadow Stacks and Stack Canaries. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Singapore, Republic of Singapore.

Digital Library

[36]

Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios P Kemerlis. 2020. sysfilter: Automated system call filtering for commodity software. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 459–474.

[37]

Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. 2017. Efficient protection of path-sensitive control security. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada.

[38]

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015. Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado. 901–913.

Digital Library

[39]

Lang Feng, Jiayi Huang, Jeff Huang, and Jiang Hu. 2021. Toward Taming the Overhead Monster for Data-flow Integrity. ACM Transactions on Design Automation of Electronic Systems (TODAES), 27, 3 (2021), 1–24.

Digital Library

[40]

Xinyang Ge, Weidong Cui, and Trent Jaeger. 2017. Griffin: Guarding control flows using intel processor trace. In Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Xi’an, China.

Digital Library

[41]

Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis. 2020. Confine: Automated system call policy generation for container attack surface reduction. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 443–458.

[42]

Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis. 2020. Temporal system call specialization for attack surface reduction. In 29th USENIX Security Symposium (USENIX Security 20). 1749–1766.

[43]

Will Glozer. 2019. a HTTP benchmarking tool. https://github.com/wg/wrk

[44]

Enes Göktas, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. 2014. Out of control: Overcoming control-flow integrity. In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[45]

Jens Grossklags and Claudia Eckert. 2018. τ CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries. In Proceedings of the 21th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion, Crete, Greece.

[46]

Yufei Gu, Qingchuan Zhao, Yinqian Zhang, and Zhiqiang Lin. 2017. PT-CFI: Transparent backward-edge control flow violation detection using intel processor trace. In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY). Scottsdale, AZ.

Digital Library

[47]

Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang. 2015. Automatic Generation of $Data-Oriented$ Exploits. In 24th USENIX Security Symposium (USENIX Security 15). 177–192.

[48]

Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Pak Ho Chung, William R. Harris, Taesoo Kim, and Wenke Lee. 2018. Enforcing Unique Code Target Property for Control-Flow Integrity. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, ON, Canada.

Digital Library

[49]

Mohannad Ismail, Jinwoo Yom, Christopher Jelesnianski, Yeongjin Jang, and Changwoo Min. 2021. VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks. In CCS ’21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021. ACM, 1612–1626. https://doi.org/10.1145/3460120.3485376

Digital Library

[50]

Ismail, Mohannad and Yom, Jinwoo and Jelesnianski, Christopher and Jang, Yeongjin and Min, Changwoo. 2021. VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 1612–1626.

[51]

Jake Edge. 2012. A library for seccomp filters. https://lwn.net/Articles/494252/

[52]

Sunwoo Jang, Somin Song, Byungchul Tak, Sahil Suneja, Michael V. Le, Chuan Yue, and Dan Williams. 2022. SecQuant: Quantifying Container System Call Exposure. In Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS). 145–166.

Digital Library

[53]

Jonathan Corbet. 2004. x86 NX support. https://lwn.net/Articles/87814/

[54]

Jonathan Corbet. 2005. Securely renting out your CPU with Linux. January, https://lwn.net/Articles/120647/

[55]

Jonathan Corbet. 2019. New system calls for memory management. https://lwn.net/Articles/789153/

[56]

The kernel development community. [n. d.]. Seccomp BPF (SECure COMPuting with filters). https://lwn.net/Articles/656307/

[57]

Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, and Yueqiang Cheng. 2019. Adaptive Call-site Sensitive Control Flow Integrity. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). 95–110.

[58]

Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. 2019. Origin-sensitive control flow integrity. In 28th USENIX Security Symposium (USENIX Security 19). 195–211.

[59]

Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

[60]

Volodymyr Kuznetsov, László Szekeres, Mathias Payer, George Candea, R Sekar, and Dawn Song. 2014. Code-pointer Integrity. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Broomfield, Colorado. 147–163.

Digital Library

[61]

Larabel, Michael. 2018. Glibc 2.28 Released With Unicode 11.0 Support, Statx & Intel Improvements. https://www.phoronix.com/news/Glibc-2.28-Released

[62]

Larabel, Michael. 2020. Intel Confirms CET Security Support For Tiger Lake. https://www.phoronix.com/news/Intel-CET-Tiger-Lake

[63]

Lingguang Lei, Jianhua Sun, Kun Sun, Chris Shenefiel, Rui Ma, Yuewu Wang, and Qi Li. 2017. SPEAKER: Split-phase execution of application containers. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 230–251.

[64]

Linux Programmer’s Manual. 2023. PTRACE(2) – Linux manual page. https://man7.org/linux/man-pages/man2/ptrace.2.html

[65]

lwn.net. 2018. GNU C Library 2.28 released. https://lwn.net/Articles/761462/

[66]

Ali Jose Mashtizadeh, Andrea Bittau, Dan Boneh, and David Mazières. 2015. CCFI: Cryptographically Enforced Control Flow Integrity. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.

Digital Library

[67]

Microsoft Support. 2017. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. https://support.microsoft.com/en-us/help/875352/a-detailed-description-of-the-data-execution-prevention-dep-feature-in

[68]

Shachee Mishra and Michalis Polychronakis. 2020. Saffire: Context-sensitive function specialization against code reuse attacks. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P). 17–33.

[69]

Ben Niu and Gang Tan. 2014. Modular control-flow integrity. In Proceedings of the 2014 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). Edinburgh, UK.

Digital Library

[70]

National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2012-0809. https://nvd.nist.gov/vuln/detail/CVE-2012-0809

[71]

National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2013-2028. https://nvd.nist.gov/vuln/detail/CVE-2013-2028

[72]

National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2014-1912. https://nvd.nist.gov/vuln/detail/CVE-2014-1912

[73]

National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2014-8668. https://nvd.nist.gov/vuln/detail/CVE-2014-8668

[74]

National Institute of Standards and Technology. National Vulnerability Database. 2015. CVE-2015-8617. https://nvd.nist.gov/vuln/detail/CVE-2015-8617

[75]

National Institute of Standards and Technology. National Vulnerability Database. 2016. CVE-2016-10190. https://nvd.nist.gov/vuln/detail/CVE-2016-10190

[76]

National Institute of Standards and Technology. National Vulnerability Database. 2016. CVE-2016-10191. https://nvd.nist.gov/vuln/detail/CVE-2016-10191

[77]

Shankara Pailoor, Xinyu Wang, Hovav Shacham, and Isil Dillig. 2020. Automated policy synthesis for system call sandboxing. Proceedings of the ACM on Programming Languages, 4, OOPSLA (2020), 1–26.

Digital Library

[78]

Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. 2013. Transparent ROP Exploit Mitigation Using Indirect Branch Tracing. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC.

[79]

Chenxiong Qian, Hong Hu, Mansour A Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A Framework for Post-deployment Software Debloating. In Proceedings of the 28th USENIX Security Symposium (Security). Santa Clara, CA.

[80]

Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating software through piece-wise compilation and loading. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD. 869–886.

[81]

Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, and Michael Franz. 2017. Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity. In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[82]

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, and Thorsten Holz. 2015. Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[83]

Vedvyas Shanbhogue, Deepak Gupta, and Ravi Sahita. 2019. Security analysis of processor instruction set architecture for enforcing control-flow integrity. In Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy. 1–11.

Digital Library

[84]

sourceware.org. 2018. V2 [PATCH 24/24] Intel CET: Document –enable-cet. https://sourceware.org/legacy-ml/libc-alpha/2018-07/msg00550.html

[85]

SQLite. [n. d.]. SQLite. https://www.sqlite.org/index.html

[86]

Zhichuang Sun, Bo Feng, Long Lu, and Somesh Jha. 2020. OAT: Attesting operation integrity of embedded devices. In 2020 IEEE Symposium on Security and Privacy (SP). 1433–1449.

[87]

The Clang Team. 2022. Clang 16 documentation: CONTROL FLOW INTEGRITY. https://clang.llvm.org/docs/ControlFlowIntegrity.html

[88]

The PAX Team. 2003. Address Space Layout Randomization. https://pax.grsecurity.net/docs/aslr.txt

[89]

Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA.

[90]

Torvalds, Linus. 2022. syscall_64.tbl. https://github.com/torvalds/linux/blob/master/arch/x86/entry/syscalls/syscall_64.tbl

[91]

Victor van der Veen, Dennis Andriesse, Enes Göktaş, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. 2015. Practical context-sensitive CFI. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.

Digital Library

[92]

Victor Van der Veen, Dennis Andriesse, Enes Göktaş, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. 2015. Practical context-sensitive CFI. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 927–940.

Digital Library

[93]

Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, and Cristiano Giuffrdia. 2017. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS). Dallas, TX.

Digital Library

[94]

Zhiyuan Wan, David Lo, Xin Xia, Liang Cai, and Shanping Li. 2017. Mining sandboxes for linux containers. In 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST). 92–102.

[95]

Mingwei Zhang and R Sekar. 2013. Control Flow Integrity for COTS Binaries. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC.

Cited By

Rajagopalan VPortokalidis GCraven RMickelson M(2024)Evaluating the Effect of Improved Indirect Call Resolution on System Call DebloatingProceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation10.1145/3689937.3695791(1-6)Online publication date: 14-Oct-2024
https://dl.acm.org/doi/10.1145/3689937.3695791
Her JJo CPark TLee S(2024)KubeRosy: A Dynamic System Call Filtering Framework for ContainersIEEE Access10.1109/ACCESS.2024.348677212(159889-159901)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3486772
Rajagopalan VKleftogiorgos KGöktas EXu JPortokalidis GMeng WJensen CCremers CKirda E(2023)SysPart: Automated Temporal System Call Filtering for BinariesProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623207(1979-1993)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623207

Index Terms

Protect the System Call, Protect (Most of) the World with BASTION
1. Security and privacy
  1. Software and application security

Recommendations

A security architecture to protect against the insider threat from damage, fraud and theft
CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies

The insider threat poses a significant and increasing problem for organizations. This is shown by the regular stories of fraud and data loss reported daily in the media in the US and elsewhere. There is a need to provide systematic protection from ...
Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems
NSPW '10: Proceedings of the 2010 New Security Paradigms Workshop

As information security shifts from the realm of computer science to national security, the priority for safe and secure systems will be balanced against the appeal of using information insecurity as a strategic asset. In "cyber war", those tasked with ...
Dynamic Binary User-Splits to Protect Cloud Servers from DDoS Attacks
ICCC '13: Proceedings of the Second International Conference on Innovative Computing and Cloud Computing

Several overlay-based solutions have been proposed to protect network servers from DoS/DDoS attacks. The common objective in the existing solutions is to prevent the attacking traffic from reaching the servers by hiding the location of target server ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS 2023: Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3

March 2023

820 pages

ISBN:9781450399180

DOI:10.1145/3582016

General Chair:
Tor M. Aamodt
University of British Columbia, Canada
,
Program Chairs:
Natalie Enright Jerger
University of Toronto, Canada
,
Michael Swift
University of Wisconsin-Madison, USA

Copyright © 2023 Owner/Author.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Sponsors

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 March 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

ASPLOS '23

Sponsor:

ASPLOS '23: 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3

March 25 - 29, 2023

BC, Vancouver, Canada

Acceptance Rates

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
1,506
Total Downloads

Downloads (Last 12 months)663
Downloads (Last 6 weeks)42

Reflects downloads up to 02 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Rajagopalan VPortokalidis GCraven RMickelson M(2024)Evaluating the Effect of Improved Indirect Call Resolution on System Call DebloatingProceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation10.1145/3689937.3695791(1-6)Online publication date: 14-Oct-2024
https://dl.acm.org/doi/10.1145/3689937.3695791
Her JJo CPark TLee S(2024)KubeRosy: A Dynamic System Call Filtering Framework for ContainersIEEE Access10.1109/ACCESS.2024.348677212(159889-159901)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3486772
Rajagopalan VKleftogiorgos KGöktas EXu JPortokalidis GMeng WJensen CCremers CKirda E(2023)SysPart: Automated Temporal System Call Filtering for BinariesProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623207(1979-1993)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623207

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten