A framework for trusted instruction execution via basic block signature verification
Source: ACM Southeast Regional Conference
Proceedings of the 42nd annual Southeast regional conference
Huntsville, Alabama
SESSION: Security
Pages: 191 - 196
Year of Publication: 2004
ISBN: 1-58113-870-9
Authors
Milena Milenković  The University of Alabama in Huntsville
Aleksandar Milenković  The University of Alabama in Huntsville
Emil Jovanov  The University of Alabama in Huntsville
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/986537.986582

ABSTRACT

Most of today's computers are connected to the Internet or at least to a local network, exposing system vulnerabilities to potential attackers. One of the attackers' goals is the execution of unauthorized code. In this paper we propose a framework that allows only trusted code to execute and prevents malicious code from executing. The proposed framework relies on run-time verification of basic block signatures. The basic block signatures are generated during a trusted installation process, using a signature function with secret coefficients and the address of the basic block within a program. The result of the trusted installation is the encrypted basic block signature table (BBST), which is appended to the program binary. The potential of the proposed framework is evaluated using traces of SPEC CPU2000 benchmarks. The results indicate that the proposed mechanism does not have a large negative impact on performance.


