Sciweavers

ASPLOS
2006
ACM

Improving software security via runtime instruction-level taint checking

14 years 6 months ago
Improving software security via runtime instruction-level taint checking
Current taint checking architectures monitor tainted data usage mainly with control transfer instructions. An alarm is raised once the program counter becomes tainted. However, such architectures are not effective against non-control data attacks. In this paper we present a generic instructionlevel runtime taint checking architecture for handling noncontrol data attacks. Under our architecture, instructions are classified as either Taintless-Instructions or TaintedInstructions prior to program execution. An instruction is called a Tainted-Instruction if it is supposed to deal with tainted data. Otherwise it is called a Taintless-Instruction. A security alert is raised whenever a Taintless-Instruction encounters tainted data at runtime. The proposed architecture is implemented on the SimpleScalar simulator. The preliminary results from experiments on SPEC CPU 2000 benchmarks show that there are a significant amount of Taintless-Instructions. We also demonstrate effective usages of ...
Jingfei Kong, Cliff Changchun Zou, Huiyang Zhou
Added 13 Jun 2010
Updated 13 Jun 2010
Type Conference
Year 2006
Where ASPLOS
Authors Jingfei Kong, Cliff Changchun Zou, Huiyang Zhou
Comments (0)