High System-Code Security with Low Overhead

Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy, these checks guard critical operations, like memory accesses. Alas, the induced slowdown...

Full description

Saved in:
Bibliographic Details
Main Authors: Wagner, Jonas, Kuznetsov, Volodymyr, Candea, George, Kinder, Johannes
Format: Conference Proceeding
Language:English
Subjects:
Computer bugs
Instruments
Memory Safety
Production
Safety
Security
Software
Software Hardening
Software Instrumentation
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 879
container_issue
container_start_page 866
container_title
container_volume
creator Wagner, Jonas
Kuznetsov, Volodymyr
Candea, George
Kinder, Johannes
description Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy, these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists. We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%), our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified "overhead budget." Two insights make this approach effective: most overhead in existing tools is due to only a few "hot" checks, whereas the checks most useful to security are typically "cold" and cheap. We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, Open SSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them.
doi_str_mv 10.1109/SP.2015.58
format conference_proceeding
fullrecord <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_7163065</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7163065</ieee_id><sourcerecordid>7163065</sourcerecordid><originalsourceid>FETCH-LOGICAL-i244t-83b0c243810c940a9bd84ea7cdd4b0fa962f3583a7e456541c7fec2624a357ec3</originalsourceid><addsrcrecordid>eNotzDtLxEAQAOAVFLyHja1Nekmc2Z19lRLUEwIn5KyPzWZiVjxOkuiRf2_hVV_3CXGLUCCCf6jfCgmoC-0uxBLJWGU8eXspFggOcwOI12I5jp8AEpSnhbjfpI8-q-dx4kNeHlvOao4_Q5rm7JSmPquOp2z7y0PPoV2Lqy58jXxzdiXen5925Savti-v5WOVJ0k05U41ECUphxA9QfBN64iDjW1LDXTBG9kp7VSwTNpowmg7jtJICkpbjmol7v7fxMz77yEdwjDvLRoFRqs_mIA-3g</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>High System-Code Security with Low Overhead</title><source>IEEE Xplore All Conference Series</source><creator>Wagner, Jonas ; Kuznetsov, Volodymyr ; Candea, George ; Kinder, Johannes</creator><creatorcontrib>Wagner, Jonas ; Kuznetsov, Volodymyr ; Candea, George ; Kinder, Johannes</creatorcontrib><description>Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy, these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists. We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%), our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified "overhead budget." Two insights make this approach effective: most overhead in existing tools is due to only a few "hot" checks, whereas the checks most useful to security are typically "cold" and cheap. We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, Open SSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them.</description><identifier>ISSN: 1081-6011</identifier><identifier>EISBN: 1467369497</identifier><identifier>EISBN: 9781467369497</identifier><identifier>DOI: 10.1109/SP.2015.58</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Computer bugs ; Instruments ; Memory Safety ; Production ; Safety ; Security ; Software ; Software Hardening ; Software Instrumentation</subject><ispartof>2015 IEEE Symposium on Security and Privacy, 2015, p.866-879</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7163065$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,23930,23931,25140,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7163065$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Wagner, Jonas</creatorcontrib><creatorcontrib>Kuznetsov, Volodymyr</creatorcontrib><creatorcontrib>Candea, George</creatorcontrib><creatorcontrib>Kinder, Johannes</creatorcontrib><title>High System-Code Security with Low Overhead</title><title>2015 IEEE Symposium on Security and Privacy</title><addtitle>SP</addtitle><description>Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy, these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists. We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%), our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified "overhead budget." Two insights make this approach effective: most overhead in existing tools is due to only a few "hot" checks, whereas the checks most useful to security are typically "cold" and cheap. We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, Open SSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them.</description><subject>Computer bugs</subject><subject>Instruments</subject><subject>Memory Safety</subject><subject>Production</subject><subject>Safety</subject><subject>Security</subject><subject>Software</subject><subject>Software Hardening</subject><subject>Software Instrumentation</subject><issn>1081-6011</issn><isbn>1467369497</isbn><isbn>9781467369497</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2015</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotzDtLxEAQAOAVFLyHja1Nekmc2Z19lRLUEwIn5KyPzWZiVjxOkuiRf2_hVV_3CXGLUCCCf6jfCgmoC-0uxBLJWGU8eXspFggOcwOI12I5jp8AEpSnhbjfpI8-q-dx4kNeHlvOao4_Q5rm7JSmPquOp2z7y0PPoV2Lqy58jXxzdiXen5925Savti-v5WOVJ0k05U41ECUphxA9QfBN64iDjW1LDXTBG9kp7VSwTNpowmg7jtJICkpbjmol7v7fxMz77yEdwjDvLRoFRqs_mIA-3g</recordid><startdate>20150501</startdate><enddate>20150501</enddate><creator>Wagner, Jonas</creator><creator>Kuznetsov, Volodymyr</creator><creator>Candea, George</creator><creator>Kinder, Johannes</creator><general>IEEE</general><scope>6IE</scope><scope>6IH</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIO</scope></search><sort><creationdate>20150501</creationdate><title>High System-Code Security with Low Overhead</title><author>Wagner, Jonas ; Kuznetsov, Volodymyr ; Candea, George ; Kinder, Johannes</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i244t-83b0c243810c940a9bd84ea7cdd4b0fa962f3583a7e456541c7fec2624a357ec3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Computer bugs</topic><topic>Instruments</topic><topic>Memory Safety</topic><topic>Production</topic><topic>Safety</topic><topic>Security</topic><topic>Software</topic><topic>Software Hardening</topic><topic>Software Instrumentation</topic><toplevel>online_resources</toplevel><creatorcontrib>Wagner, Jonas</creatorcontrib><creatorcontrib>Kuznetsov, Volodymyr</creatorcontrib><creatorcontrib>Candea, George</creatorcontrib><creatorcontrib>Kinder, Johannes</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan (POP) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP) 1998-present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Wagner, Jonas</au><au>Kuznetsov, Volodymyr</au><au>Candea, George</au><au>Kinder, Johannes</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>High System-Code Security with Low Overhead</atitle><btitle>2015 IEEE Symposium on Security and Privacy</btitle><stitle>SP</stitle><date>2015-05-01</date><risdate>2015</risdate><spage>866</spage><epage>879</epage><pages>866-879</pages><issn>1081-6011</issn><eisbn>1467369497</eisbn><eisbn>9781467369497</eisbn><coden>IEEPAD</coden><abstract>Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy, these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists. We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%), our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified "overhead budget." Two insights make this approach effective: most overhead in existing tools is due to only a few "hot" checks, whereas the checks most useful to security are typically "cold" and cheap. We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, Open SSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them.</abstract><pub>IEEE</pub><doi>10.1109/SP.2015.58</doi><tpages>14</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1081-6011
ispartof 2015 IEEE Symposium on Security and Privacy, 2015, p.866-879
issn 1081-6011
language eng
recordid cdi_ieee_primary_7163065
source IEEE Xplore All Conference Series
subjects Computer bugs
Instruments
Memory Safety
Production
Safety
Security
Software
Software Hardening
Software Instrumentation
title High System-Code Security with Low Overhead
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-03T22%3A47%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=High%20System-Code%20Security%20with%20Low%20Overhead&rft.btitle=2015%20IEEE%20Symposium%20on%20Security%20and%20Privacy&rft.au=Wagner,%20Jonas&rft.date=2015-05-01&rft.spage=866&rft.epage=879&rft.pages=866-879&rft.issn=1081-6011&rft.coden=IEEPAD&rft_id=info:doi/10.1109/SP.2015.58&rft.eisbn=1467369497&rft.eisbn_list=9781467369497&rft_dat=%3Cieee_CHZPO%3E7163065%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i244t-83b0c243810c940a9bd84ea7cdd4b0fa962f3583a7e456541c7fec2624a357ec3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=7163065&rfr_iscdi=true