Secure Execution Via Program Shepherding

Kiriansky, Vladimir; Bruening, Derek; Amarasinghe, Saman

Author(s)

Kiriansky, Vladimir; Bruening, Derek; Amarasinghe, Saman

DownloadMIT-LCS-TM-625.pdf (86.47Kb)

Metadata

Show full item record

Abstract

We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Shepherding ensures that malicious code masquerading as data is never executed, thwarting a large class of security attacks. Shepherding can also enforce entry points as the only way to execute shared library code. Furthermore, shepherding guarantees that sandboxing checks around any type of program operation will never be bypassed. We have implemented these capabilities efficiently in a runtime system with minimal or no performance penalties. This system operates on unmodified native binaries, requires no special hardware or operating system support, and runs on existing IA-32 machines.

Date issued

2002-02

URI

https://hdl.handle.net/1721.1/149314

Series/Report no.

MIT-LCS-TM-625

Collections

LCS Technical Memos (1974 - 2003)