论文信息 - Compiler-Directed Region-Based Security for Low-Overhead Software Protection

Compiler-Directed Region-Based Security for Low-Overhead Software Protection

Software security has become a prominent area of research in recent years, with research efforts spanning a wide range of topics. Among these are techniques such as those in this paper that are in the general area of languages, compilers and architecture aimed at increasing the security of computing systems. This paper describes a compiler technique that performs risk-analysis on source code and generates an encrypted executable that both provides security but yet reduces overhead by selectively encrypting low-risk portions with less overhead. Regions of the code that are more vulnerable receive a higher degree of encryption. Experimental results for this technique, which we call Region-Based Security, using a collection of benchmarks show that execution overhead is reduced considerably by using this approach.

Bhagirath Narahari | Rahul Simha | Olga Gelbart | V. Kongubangaram

[1] Mikhail J. Atallah,et al. Protecting Software Code by Guards , 2001, Digital Rights Management Workshop.

[2] Alok N. Choudhary,et al. CODESSEAL: Compiler/FPGA Approach to Secure Applications , 2005, ISI.

[3] Dawson R. Engler,et al. Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[4] Christian S. Collberg,et al. A Taxonomy of Obfuscating Transformations , 1997 .

[5] Alok N. Choudhary,et al. Performance Study of a Compiler/Hardware Approach to Embedded Systems Security , 2005, ISI.

[6] Gary McGraw,et al. ITS4: a static vulnerability scanner for C and C++ code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[7] David A. Wagner,et al. MOPS: an infrastructure for examining security properties of software , 2002, CCS '02.

[8] CRISPIN COWAN,et al. Software Security for Open-Source Systems , 2003, IEEE Secur. Priv..

[9] Dan Boneh,et al. Architectural support for copy and tamper resistant software , 2000, SIGP.

[10] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.

[11] Jeffrey S. Foster,et al. Type qualifiers: lightweight specifications to improve software quality , 2002 .