Secure Execution Via Program Shepherding
Main Authors: | Kiriansky, Vladimir; Bruening, Derek; Amarasinghe, Saman |
---|---|
Published: | 2023 |
Online Access: | https://hdl.handle.net/1721.1/149314 |
_version_ | 1826210076111667200 |
---|---|
author | Kiriansky, Vladimir; Bruening, Derek; Amarasinghe, Saman |
collection | MIT |
description | We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Shepherding ensures that malicious code masquerading as data is never executed, thwarting a large class of security attacks. Shepherding can also enforce entry points as the only way to execute shared library code. Furthermore, shepherding guarantees that sandboxing checks around any type of program operation will never be bypassed. We have implemented these capabilities efficiently in a runtime system with minimal or no performance penalties. This system operates on unmodified native binaries, requires no special hardware or operating system support, and runs on existing IA-32 machines. |
first_indexed | 2024-09-23T14:42:02Z |
id | mit-1721.1/149314 |
institution | Massachusetts Institute of Technology |
last_indexed | 2024-09-23T14:42:02Z |
publishDate | 2023 |
record_format | dspace |
spelling | mit-1721.1/149314; 2023-03-30T03:23:10Z; Secure Execution Via Program Shepherding; Kiriansky, Vladimir; Bruening, Derek; Amarasinghe, Saman; 2023-03-29T14:42:37Z; 2023-03-29T14:42:37Z; 2002-02; https://hdl.handle.net/1721.1/149314; MIT-LCS-TM-625; application/pdf |
title | Secure Execution Via Program Shepherding |
url | https://hdl.handle.net/1721.1/149314 |