DOI: 10.1109/MICRO.2004.26

Minos: Control Data Attack Prevention Orthogonal to Memory Model

Published: 04 December 2004

Abstract

We introduce Minos, a microarchitecture that implements Biba's low-water-mark integrity policy on individual words of data. Minos stops attacks that corrupt control data to hijack program control flow but is orthogonal to the memory model. Control data is any data which is loaded into the program counter on control flow transfer, or any data used to calculate such data. The key is that Minos tracks the integrity of all data, but protects control flow by checking this integrity when a program uses the data for control transfer. Existing policies, in contrast, need to differentiate between control and non-control data a priori, a task made impossible by coercions between pointers and other data types such as integers in the C language. Our implementation of Minos for Red Hat Linux 6.2 on a Pentium-based emulator is a stable, usable Linux system on the network on which we are currently running a web server. Our emulated Minos systems running Linux and Windows have stopped several actual attacks. We present a microarchitectural implementation of Minos that achieves negligible impact on cycle time with a small investment in die area, and minor changes to the Linux kernel to handle the tag bits and perform virtual memory swapping.
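
The policy the abstract describes, as a toy model added here (not code from the Minos paper or project): every word carries one integrity bit, arithmetic gives its result the lower integrity of its operands, and the bit is checked only when a word is used as an indirect jump target. The instruction set, the single-bit tag, and the rule that program immediates are high integrity while `LOAD_INPUT` words are low are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (not Minos itself): each word carries one integrity bit. */
typedef struct { uint32_t val; int high; } word_t;
enum op { LOAD_IMM, LOAD_INPUT, ADD, STORE, LOAD, JMP_REG, HALT };
typedef struct { enum op op; int a; uint32_t b; } insn_t;
enum result { HALTED, BLOCKED_LOW_INTEGRITY_JUMP, BAD_PROGRAM };
#define NREG 4
#define NMEM 8

/* Executes prog; words read from input[] are untrusted and tagged low. */
enum result run(const insn_t *prog, size_t n, const uint32_t *input, size_t nin)
{
    word_t reg[NREG], mem[NMEM];
    for (int i = 0; i < NREG; i++) reg[i] = (word_t){0, 1};
    for (int i = 0; i < NMEM; i++) mem[i] = (word_t){0, 1};
    for (size_t pc = 0, steps = 0; pc < n && steps < 1000; steps++) {
        insn_t in = prog[pc++];
        if (in.a < 0 || in.a >= NREG) return BAD_PROGRAM;
        switch (in.op) {
        case LOAD_IMM:   reg[in.a] = (word_t){in.b, 1}; break;
        case LOAD_INPUT: if (in.b >= nin) return BAD_PROGRAM;
                         reg[in.a] = (word_t){input[in.b], 0}; break;
        case ADD:        if (in.b >= NREG) return BAD_PROGRAM;
                         reg[in.a].val += reg[in.b].val;
                         reg[in.a].high &= reg[in.b].high; /* low-water-mark */
                         break;
        case STORE:      if (in.b >= NMEM) return BAD_PROGRAM;
                         mem[in.b] = reg[in.a]; break; /* tag travels with data */
        case LOAD:       if (in.b >= NMEM) return BAD_PROGRAM;
                         reg[in.a] = mem[in.b]; break;
        case JMP_REG:    if (!reg[in.a].high) return BLOCKED_LOW_INTEGRITY_JUMP;
                         pc = reg[in.a].val; break;    /* checked only at use */
        case HALT:       return HALTED;
        }
    }
    return BAD_PROGRAM;
}

/* Constructed inputs: one untrusted word and three small programs. */
static const uint32_t net_input[] = { 5 };
static const insn_t benign[] = { {LOAD_IMM,0,4}, {STORE,0,0}, {LOAD,1,0}, {JMP_REG,1,0}, {HALT,0,0} };
static const insn_t overwritten[] = { {LOAD_IMM,0,6}, {STORE,0,0}, {LOAD_INPUT,2,0}, {STORE,2,0}, {LOAD,1,0}, {JMP_REG,1,0}, {HALT,0,0} };
static const insn_t coerced[] = { {LOAD_IMM,0,0}, {LOAD_INPUT,2,0}, {ADD,0,2}, {JMP_REG,0,0}, {HALT,0,0} };
enum result run_benign(void)      { return run(benign, 5, net_input, 1); }
enum result run_overwritten(void) { return run(overwritten, 7, net_input, 1); }
enum result run_coerced(void)     { return run(coerced, 5, net_input, 1); }

int main(void) { printf("%d %d %d\n", run_benign(), run_overwritten(), run_coerced()); return 0; }
```

The `coerced` program adds an untrusted integer to a trusted base and is stopped at the jump, without the model ever having to classify either word as a pointer or as control data in advance.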


Published In

MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
December 2004
345 pages
ISBN: 0769521266

Publisher

IEEE Computer Society, United States

Acceptance Rates

MICRO 37 Paper Acceptance Rate 29 of 158 submissions, 18%;
Overall Acceptance Rate 484 of 2,242 submissions, 22%
