[Pl-seminar] secure execution via program shepherding
Mitchell Wand
wand at ccs.neu.edu
Thu, 16 May 2002 14:53:34 -0400
Not sure what the overlap is here, but it sounded
interesting... --Mitch
------- start of forwarded message (RFC 934 encapsulation) -------
- -----Original Message-----
From: Ronald L. Rivest [mailto:rivest@mit.edu]
Sent: Wednesday, May 15, 2002 11:20 PM
To: cis-seminars@theory.lcs.mit.edu
Subject: Fwd: last ASRG of the semester, secure execution via program
shepherding
Hi all --
This talk by Saman Amarasinghe is very interesting!
(This is an ASRG talk; not a cis seminar, but it is
open...)
Cheers,
Ron
>Next week (not today!), Professor Saman Amarasinghe will present...
>
>Topic: Secure Execution Via Program Shepherding
>Who: Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe
>When: Wednesday, May 22 3-4pm
>Where: NE43-516
>
> We introduce {\em program shepherding}, a method for monitoring control
> flow transfers during program execution to enforce security policies.
> Program shepherding provides three techniques as building blocks for
> security policies. First, shepherding can restrict execution privileges
> on the basis of code origins. This distinction can ensure that
> malicious code masquerading as data is never executed, thwarting a large
> class of security attacks. Second, shepherding can restrict control
> transfers based on instruction class, source, and target. For example,
> shepherding can forbid execution of shared library code except through
> declared entry points, and can ensure that a return instruction only
> targets the instruction after a call. Finally, shepherding guarantees
> that sandboxing checks placed around any type of program operation will
> never be bypassed. We have implemented these capabilities efficiently
> in a runtime system with minimal or no performance penalties. This
> system operates on unmodified native binaries, requires no special
> hardware or operating system support, and runs on existing IA-32
> machines under both Linux and Windows.
>
>http://www.cag.lcs.mit.edu/commit/papers/02/RIO-security-usenix.pdf
>
>This paper will be presented at the USENIX Security Symposium in August.
>See http://pdos.lcs.mit.edu/asrg/ for more information.
>
>----------
>Kevin E. Fu (fubob@mit.edu)
Ronald L. Rivest
Room 324, 200 Technology Square, Cambridge MA 02139
Tel 617-253-5880, Fax 617-258-9738, Email <rivest@mit.edu>
------- end -------