Software Protection : Validating Control Flow at Run Time Seminars/Workshops
|Place:||Room 308, Bldg 302, SNU|
Software protection has been the focus of numerous academic research and commercial development efforts. Many protection schemes have been proposed to make it difficult to analyze and tamper program behavior. However, the majority of software attacks are based on exploits that alter program behavior at run time such as buffer overflow, format string, and integer overflow. Such exploits remain often untouched even after preventive measures done by the protection schemes. Also, software tools or patches, either removing or detecting known exploits, have been utilized but with limited success because they cannot deal with new types of attacks. Several intrusion detection schemes have been developed to provide protection from yet-unknown new types of attacks but with limited deployment due to high overhead and ineffectiveness. The control flow altering exploits are possible due to a semantic gap in program control flow between the one described by software and the one carried out by machine architecture: control flow tracking at machine instruction level is blindfolded without a validity check in the current processor architecture. Whenever this semantic gap is not properly handled at a higher level by system and application software, it becomes a vulnerability that malicious attacks exploit. Along with a review of technical issues and proposed schemes in software protection, which suggests infeasibility of filling the gap by software alone, this talk introduces an architectural approach for enforcing legitimate control flow tracking at the machine instruction level to fill the semantic gap.
[ List ]