Continuous, Low Overhead, Run-Time Validation of Program Executions
Authors: Erdem Aktas, Furat Afram, Kanad Ghose
Publication date: 2014/12/13
Conference Name: Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture
Pages: 229-241
Publisher: IEEE Computer Society
Description
Abstract: The construction of trustworthy systems demands that the execution of every piece of code is validated as genuine, that is, the executed codes do exactly what they are supposed to do. Pre-execution validations of code integrity fail to detect run time compromises like code injection, return and jump-oriented programming, and illegal dynamic linking of program modules. We propose and evaluate a generalized mechanism called REV (for Run-time Execution Validator) that can be easily integrated into a contemporary out-of-order processor to validate, as the program executes, the control flow path and instructions executed along the control flow path. To prevent memory from being tainted by compromised code, REV also prevents updates to the memory from a basic block until its execution has been authenticated. Although control flow signature based authentication of an execution has been suggested before for software testing and for restricted cases of embedded systems, their extension to out-of-order cores is a non-incremental effort from a microarchitectural standpoint. Unlike REV, the existing solutions do not scale with binary sizes, require binaries to be altered or require new ISA support and also fail to contain errors and, in general, impose a heavy performance penalty. We show, using a detailed cycle-accurate microarchitectural simulator for an out-of-order pipeline implementing the X86 ISA, that the performance overhead of REV is limited to 1.87% on the average across the SPEC 2006 benchmarks.
System and method for authenticating remote execution
Inventors: Kanad Ghose, Erdem Aktas
Publication date: 2012/10/9
Patent office: US
Patent number: 8285999
Application number: 12/631839
Description
With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. A generic framework is provided for authenticating remote executions on a potentially untrusted remote server—essentially validating that what is …
Abstract: With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server–essentially …
Institution: STATE UNIVERSITY OF NEW YORK AT BINGHAMTON
Description
Abstract: Constructing trustworthy computer systems requires validating that every executed piece of code is genuine and that the programs do exactly what they are supposed to do. However, pre-execution code integrity validations can fail to detect run-time compromises, such as code injection, return and jump-oriented programming, and illegal linking of code to compromised library functions. In this dissertation, we propose and investigate three distinct mechanisms for authenticating code execution at run-time. The common goal of these …
Run-time control flow authentication: an assessment on contemporary x86 platforms
Authors: Erdem Aktas, Kanad Ghose
Publication date: 2013/3/18
Conference Name: Proceedings of the 28th Annual ACM Symposium on Applied Computing
Pages: 1859-1866
Publisher: ACM
Description
Abstract: We propose and experimentally evaluate a technique of authenticating the execution of a program through the continuous run-time validation of control flow. Control flow authentication is useful in detecting security violations that alter the normal flow of control at run time through techniques such as call stack smashing, return and jump-oriented programming. Our technique relies on the use of existing support for branch tracing in contemporary processors, typified by the branch trace store (BTS) mechanism of …
Conference Name: Parallel, Distributed and Network-Based Processing (PDP), 2012 20th Euromicro International Conference on
Pages: 359-367
Publisher: IEEE
Description
Abstract: We address the problem of improving the energy efficiency of servers that provide web-based services, including services provided through clouds. We propose an automated technique for allocating workload to servers to operate the fewest number of servers that are needed to cope with the instantaneous workload, leaving some headroom for workload surges. The technique requires no a priori knowledge about individual workloads and manages the server states explicitly. We use synthetic scripts, a small server setup and …