Enforcing Integrity Models Through Hardware-Software Cohesive Systems

Bibliographic Details
Published in: ProQuest Dissertations and Theses (2024)
Main Author: Cole, Matthew
Published: ProQuest Dissertations & Theses
Online Access: Citation/Abstract; Full Text - PDF
Description
Abstract: Integrity models are a principled defense mechanism that expresses a property of well-functioning software, then enforces that property continually at runtime. Unfortunately, these integrity models are often implemented in a way that compartmentalizes hardware from software. We present work that unifies the hardware and software in a single cohesive view where each half supports the whole. First, with Simplex, we show that existing hardware resources can be repurposed to support software-layer defenses without having onerous impacts on performance. Then, we present a new full-stack system named STAR that can be used to enforce a diverse body of integrity models through code and data tagging. We specifically discuss our associated compiler toolchain named Cogent, which is built on top of the widely used LLVM compiler and provides both inline code tagging and linkage-resolved data tagging. Next, we investigate how to optimize a label-based control-flow integrity scheme using a compiler such as Cogent, minimizing binary size increases while maximizing expressiveness of the integrity model. Finally, we propose Constable, a prototype compiler front-end that extends STAR for the IRn read- and write-limited data model by enforcing compile-time const qualifiers as run-time guarantees.
ISBN: 9798384074083
Source: ProQuest Dissertations & Theses Global