article

An architecture a day keeps the hacker away

Authors:

David A. Holland,

Ada T. Lim,

Margo I. SeltzerAuthors Info & Claims

ACM SIGARCH Computer Architecture News, Volume 33, Issue 1

Pages 34 - 41

https://doi.org/10.1145/1055626.1055632

Published: 01 March 2005 Publication History

Get Access

Abstract

System security as it is practiced today is a losing battle. In this paper, we outline a possible comprehensive solution for binary-based attacks, using virtual machines, machine descriptions, and randomization to achieve broad heterogeneity at the machine level. This heterogeneity increases the "cost" of broad-based binary attacks to a sufficiently high level that they cease to become feasible. The convergence of several recent technologies appears to make our approach achievable at a reasonable cost, with only moderate run-time overhead.

References

[1]

M. W. Bailey and J. W. Davidson. A formal model and specification language for procedure calling conventions. In Proceedings of Principles of Programming Languages (POPL 95), pages 298--310, January 1995.

Digital Library

Google Scholar

[2]

P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proceedings of the 19th Symposium on Operating System Principles (SOSP 2003), October 2003.

Digital Library

Google Scholar

[3]

S. Bhatkar, D. C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105--120, Washington, DC, August 2003.

Digital Library

Google Scholar

[4]

C. Cowan, S. Beattie, J. Johansen, and P. Wagle. Pointguard#8482;: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, pages 91--104, Washington, DC, August 2003.

Digital Library

Google Scholar

[5]

C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Automatic detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.

Digital Library

Google Scholar

[6]

S. Forrest, A. Somayaji, and D. Ackley. Building diverse computer systems. In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, pages 67--72, Los Alamitos, CA, 1997.

Digital Library

Google Scholar

[7]

T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A virtual machine-based platform for trusted computing. In Proceedings of the 19th Symposium on Operating System Principles (SOSP 2003), October 2003.

Digital Library

Google Scholar

[8]

D. Geer, R. Bace, P. Gutmann, P. Metzger, C. Pfleeger, J. Quarterman, and B. Schneier. Cyber insecurity: The cost of monopoly. Technical report, Computer & Communications Industry Association, 2003.

Google Scholar

[9]

G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pages 272--280, Washington, DC, October 2003.

Digital Library

Google Scholar

[10]

V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the USENIX Security Symposium, San Francisco, Aug 2002.

Digital Library

Google Scholar

[11]

N. Ramsey and J. W. Davidson. Machine descriptions to build tools for embedded systems. In Proceedings of the ACM SIGPLAN Workshop on Languages, Compilers, and Tools for Embedded Systems (LCTES'98), pages 172--188, June 1998.

Digital Library

Google Scholar

[12]

D. Seeley. A tour of the worm. In Proceedings of the 1989 Winter USENIX Conference, January 1989.

Google Scholar

[13]

K. Seifried. Honeypotting with vmware - basics, 2002. Online. Internet. March 9, 2004. Available WWW: http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html.

Google Scholar

[14]

J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd Symposium on Reliable and Distributed Systems, Florence, Italy, October 2003.

Google Scholar

Cited By

View all

Abrath BCoppens BBroeck JWyseur BCabutto AFalcarin PSutter B(2020)Code Renewability for Native Software ProtectionACM Transactions on Privacy and Security10.1145/340489123:4(1-31)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3404891
Flikkema PPalmer JYalcin TCambou B(2020)Dynamic Computational Diversity with Multi-Radix Logic and Memory2020 IEEE High Performance Extreme Computing Conference (HPEC)10.1109/HPEC43674.2020.9286255(1-6)Online publication date: 22-Sep-2020
https://doi.org/10.1109/HPEC43674.2020.9286255
Chavez A(2019)Moving Target Defense to Improve Industrial Control System ResiliencyIndustrial Control Systems Security and Resiliency10.1007/978-3-030-18214-4_8(143-167)Online publication date: 30-Aug-2019
https://doi.org/10.1007/978-3-030-18214-4_8
Show More Cited By

Index Terms

An architecture a day keeps the hacker away
1. Security and privacy
  1. Cryptography
    1. Cryptanalysis and other attacks
  2. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM SIGARCH Computer Architecture News

ACM SIGARCH Computer Architecture News Volume 33, Issue 1

Special issue: Workshop on architectural support for security and anti-virus (WASSA)

March 2005

159 pages

ISSN:0163-5964

DOI:10.1145/1055626

Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2005

Published in SIGARCH Volume 33, Issue 1

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
334
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Abrath BCoppens BBroeck JWyseur BCabutto AFalcarin PSutter B(2020)Code Renewability for Native Software ProtectionACM Transactions on Privacy and Security10.1145/340489123:4(1-31)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3404891
Flikkema PPalmer JYalcin TCambou B(2020)Dynamic Computational Diversity with Multi-Radix Logic and Memory2020 IEEE High Performance Extreme Computing Conference (HPEC)10.1109/HPEC43674.2020.9286255(1-6)Online publication date: 22-Sep-2020
https://doi.org/10.1109/HPEC43674.2020.9286255
Chavez A(2019)Moving Target Defense to Improve Industrial Control System ResiliencyIndustrial Control Systems Security and Resiliency10.1007/978-3-030-18214-4_8(143-167)Online publication date: 30-Aug-2019
https://doi.org/10.1007/978-3-030-18214-4_8
Maleki HValizadeh SKoch WBestavros Avan Dijk MLiu PWang C(2016)Markov Modeling of Moving Target Defense GamesProceedings of the 2016 ACM Workshop on Moving Target Defense10.1145/2995272.2995273(81-92)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2995272.2995273
Sun RLee AChen APorter DBishop MOliveira D(2016)Bear: A Framework for Understanding Application Sensitivity to OS (Mis) Behavior2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE.2016.18(388-399)Online publication date: Oct-2016
https://doi.org/10.1109/ISSRE.2016.18
Ceccato MFalcarin PCabutto AFrezghi YStaicu C(2016)Search Based Clustering for Protecting Software with Diversified UpdatesSearch Based Software Engineering10.1007/978-3-319-47106-8_11(159-175)Online publication date: 24-Sep-2016
https://doi.org/10.1007/978-3-319-47106-8_11
Sun RPorter DOliveira DBishop M(2015)The case for less predictable operating system behaviorProceedings of the 15th USENIX conference on Hot Topics in Operating Systems10.5555/2831090.2831116(26-26)Online publication date: 18-May-2015
https://dl.acm.org/doi/10.5555/2831090.2831116
Fang SPortante AHusain M(2015)Moving Target Defense Mechanisms in Cyber-Physical SystemsSecuring Cyber-Physical Systems10.1201/b19311-4(63-90)Online publication date: 29-Sep-2015
https://doi.org/10.1201/b19311-4
Carter KRiordan JOkhravi HJajodia SSun K(2014)A Game Theoretic Approach to Strategy Determination for Dynamic Platform DefensesProceedings of the First ACM Workshop on Moving Target Defense10.1145/2663474.2663478(21-30)Online publication date: 7-Nov-2014
https://dl.acm.org/doi/10.1145/2663474.2663478
Okhravi HRiordan JCarter K(2014)Quantitative Evaluation of Dynamic Platform Techniques as a Defensive MechanismResearch in Attacks, Intrusions and Defenses10.1007/978-3-319-11379-1_20(405-425)Online publication date: 2014
https://doi.org/10.1007/978-3-319-11379-1_20
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Cited By

Index Terms

Recommendations

The Browser Hacker's Handbook

The web application hacker's handbook: discovering and exploiting security flaws

Cybersecurity: Zero-Day Vulnerabilities and Attack Vectors

Comments

Published In

Publisher

Publication History

Check for updates

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

The Browser Hacker's Handbook

The web application hacker's handbook: discovering and exploiting security flaws

Cybersecurity: Zero-Day Vulnerabilities and Attack Vectors

Comments

Information

Published In

Publisher

Publication History

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations