Safe-Guarding Runtime Monitors

pdf

Abstract: The system security community has proposed a plethora of defense mechanisms that protect programs in the presence of vulnerabilities. Runtime monitors (e.g., CFI, CPI, ASLR, stack canaries, DEP, or diversity) detect security violations (e.g., control-flow hijacking, data corruption, or memory corruption) and terminate the process. Runtime monitors must be implemented efficiently for wide-spread adoption but their runtime data must be protected against adversarial access. This breakout focuses on trade-offs between different security policies and how their runtime data and code can be protected.

Tags:
License: CC-2.5
Submitted by Mathias Payer on