Software and Hardware Techniques for Masking Security Vulnerabilities
Xu, Jun
Permalink
https://hdl.handle.net/2142/81635
Description
Title
Software and Hardware Techniques for Masking Security Vulnerabilities
Author(s)
Xu, Jun
Issue Date
2003
Doctoral Committee Chair(s)
Iyer, Ravishankar K.
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Keyword(s)
Computer Science
Language
eng
Abstract
Security problems in computer systems are caused by a variety of design deficiencies, implementation defects and, as this thesis shows, by transient errors. The thesis first studies real-world security vulnerabilities via an analysis of available security data and experimentation. Results of the study show that: (i) Nearly 60% of the successful attacks exploit design defects in target applications that allow attackers to tamper with critical control information to seize the application execution; and (ii) Naturally occurring transient errors can infrequently corrupt security-sensitive code in such a way as to leave the software in a totally vulnerable state open to attacks. A stochastic model in conjunction with real data demonstrates that, although infrequent, such problems have a finite probability. The thesis then proposes two algorithms, Transparent Runtime Randomization (TRR) and Control Data Randomization (CDR), to protect an application against security attacks. The two algorithms are implemented by instrumenting the operating system, runtime system and compiler, and are experimentally evaluated against a wide range of security attacks. The thesis also explores the potential of architectural support for security. Three hardware security modules (Secure Return Address Stack (SRAS), Memory Layout Randomization and Data Dependency Tracker) are implemented and evaluated in a processor-level framework called Reliability and Security Engine.