Enforcing Integrity Models Through Hardware-Software Cohesive Systems

Bibliographic details
Published in: ProQuest Dissertations and Theses (2024)
Main author: Cole, Matthew
Published: ProQuest Dissertations & Theses
Subjects:
Online access: Citation/Abstract
Full Text - PDF
Description
Abstract: Integrity models are a principled defense mechanism that expresses a property of well-functioning software, then enforces that property continually at runtime. Unfortunately, these integrity models are often implemented in a way that compartmentalizes hardware from software. We present work that unifies the hardware and software in a single cohesive view where each half supports the whole. First, with Simplex, we show that existing hardware resources can be repurposed to support software-layer defenses without having onerous impacts on performance. Then, we present a new full-stack system named STAR that can be used to enforce a diverse body of integrity models through code and data tagging. We specifically discuss our associated compiler toolchain named Cogent, which is built on top of the widely used LLVM compiler and provides both inline code tagging and linkage-resolved data tagging. Next, we investigate how to optimize a label-based control-flow integrity scheme using a compiler such as Cogent, minimizing binary size increases while maximizing expressiveness of the integrity model. Finally, we propose Constable, a prototype compiler front-end that extends STAR for the IRn read- and write-limited data model by enforcing compile-time const qualifiers as run-time guarantees.
ISBN:9798384074083
Source: ProQuest Dissertations & Theses Global