An architecture a day keeps the hacker away
Source: ACM SIGARCH Computer Architecture News
Volume 33, Issue 1 (March 2005)
Special issue: Workshop on architectural support for security and anti-virus (WASSA)
Pages: 34 - 41  
Year of Publication: 2005
ISSN: 0163-5964
Authors
David A. Holland, Harvard University
Ada T. Lim, Harvard University
Margo I. Seltzer, Harvard University
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 52,   Citation Count: 1
DOI: http://doi.acm.org/10.1145/1055626.1055632

ABSTRACT

System security as it is practiced today is a losing battle. In this paper, we outline a possible comprehensive solution for binary-based attacks, using virtual machines, machine descriptions, and randomization to achieve broad heterogeneity at the machine level. This heterogeneity increases the "cost" of broad-based binary attacks to a sufficiently high level that they cease to become feasible. The convergence of several recent technologies appears to make our approach achievable at a reasonable cost, with only moderate run-time overhead.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

[3] S. Bhatkar, D. C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105-120, Washington, DC, August 2003.

[4] C. Cowan, S. Beattie, J. Johansen, and P. Wagle. Pointguard™: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, pages 91-104, Washington, DC, August 2003.

[5] C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Automatic detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.

[8] D. Geer, R. Bace, P. Gutmann, P. Metzger, C. Pfleeger, J. Quarterman, and B. Schneier. Cyber insecurity: The cost of monopoly. Technical report, Computer & Communications Industry Association, 2003.

[12] D. Seeley. A tour of the worm. In Proceedings of the 1989 Winter USENIX Conference, January 1989.

[13] K. Seifried. Honeypotting with vmware - basics, 2002. Online. Internet. March 9, 2004. Available WWW: http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html.

[14] J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd Symposium on Reliable and Distributed Systems, Florence, Italy, October 2003.

