Monitor integrity protection with space efficiency and separate compilation

Ben Niu, Gang Tan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

31 Citations (Scopus)

Abstract

Low-level inlined reference monitors weave monitor code into a program for security. To ensure that monitor code cannot be bypassed by branching instructions, some form of control-flow integrity must be guaranteed. Past approaches to protecting monitor code either have high space overhead or do not support separate compilation. We present Monitor Integrity Protection (MIP), a form of coarse-grained control-flow integrity. The key idea of MIP is to arrange instructions in variable-sized chunks and dynamically restrict indirect branches to target only chunk beginnings. We show that this simple idea is effective in protecting monitor code integrity, enjoys low space and execution-time overhead, supports separate compilation, and is largely compatible with an existing compiler toolchain. We also show that MIP enables a separate verifier that completely disassembles a binary and verifies its security. MIP is designed to support inlined reference monitors. As a case study, we have implemented MIP-based Software-based Fault Isolation (SFI) on both x86-32 and x86-64. The evaluation shows that MIP-based SFI has competitive performance with other SFI implementations, while enjoying low space overhead.

Original language: English (US)
Title of host publication: CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Pages: 199-209
Number of pages: 11
DOIs: https://doi.org/10.1145/2508859.2516649
State: Published - Dec 9 2013
Event: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: Nov 4 2013 → Nov 8 2013

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Country: Germany
City: Berlin
Period: 11/4/13 → 11/8/13

Fingerprint

Flow control

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this

Niu, B., & Tan, G. (2013). Monitor integrity protection with space efficiency and separate compilation. In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (pp. 199-209). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2508859.2516649
@inproceedings{ab3979f9e47045c8a7e791b53b783c93,
title = "Monitor integrity protection with space efficiency and separate compilation",
author = "Ben Niu and Gang Tan",
year = "2013",
month = "12",
day = "9",
doi = "10.1145/2508859.2516649",
language = "English (US)",
isbn = "9781450324779",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
pages = "199--209",
booktitle = "CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security",

}

TY - GEN

T1 - Monitor integrity protection with space efficiency and separate compilation

AU - Niu, Ben

AU - Tan, Gang

PY - 2013/12/9

Y1 - 2013/12/9

UR - http://www.scopus.com/inward/record.url?scp=84889065012&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84889065012&partnerID=8YFLogxK

U2 - 10.1145/2508859.2516649

DO - 10.1145/2508859.2516649

M3 - Conference contribution

AN - SCOPUS:84889065012

SN - 9781450324779

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 199

EP - 209

BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security

ER -
