TY - GEN
T1 - Minos
T2 - 37th International Symposium on Microarchitecture - MICRO-37 2004
AU - Crandall, Jedidiah R.
AU - Chong, Frederic T.
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2004
Y1 - 2004
N2 - We introduce Minos, a microarchitecture that implements Biba's low-water-mark integrity policy on individual words of data. Minos stops attacks that corrupt control data to hijack program control flow but is orthogonal to the memory model. Control data is any data which is loaded into the program counter on control flow transfer, or any data used to calculate such data. The key is that Minos tracks the integrity of all data, but protects control flow by checking this integrity when a program uses the data for control transfer. Existing policies, in contrast, need to differentiate between control and non-control data a priori, a task made impossible by coercions between pointers and other data types such as integers in the C language. Our implementation of Minos for Red Hat Linux 6.2 on a Pentium-based emulator is a stable, usable Linux system on the network on which we are currently running a web server [3]. Our emulated Minos systems running Linux and Windows have stopped several actual attacks. We present a microarchitectural implementation of Minos that achieves negligible impact on cycle time with a small investment in die area, and minor changes to the Linux kernel to handle the tag bits and perform virtual memory swapping.
UR - http://www.scopus.com/inward/record.url?scp=21644482450&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=21644482450&partnerID=8YFLogxK
U2 - 10.1109/MICRO.2004.26
DO - 10.1109/MICRO.2004.26
M3 - Conference contribution
AN - SCOPUS:21644482450
SN - 0769521266
T3 - Proceedings of the Annual International Symposium on Microarchitecture, MICRO
SP - 221
EP - 232
BT - Proceedings of the 37th Annual International Symposium on Microarchitecture, MICRO-37 2004
Y2 - 4 December 2004 through 8 December 2004
ER -
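The abstract above states the policy (Biba low-water-mark on individual words, checked only at control transfer) but does not show how the tag bits behave. The simulator below is an added illustration written for this page; it is not code from the Minos paper or from its Pentium emulator. Each memory word and register carries one integrity bit; bytes arriving from the network are tagged low; arithmetic propagates the lower of the input tags; nothing is checked until a word is about to be loaded into the program counter (RET or an indirect JMP). The opcodes, register names, frame layout, addresses and the two request payloads are assumptions made for the model, and the kernel-side tag handling and swapping mentioned in the abstract are outside its scope.

```python
from dataclasses import dataclass

HIGH, LOW = 1, 0  # one integrity bit per word, as in the Minos design

@dataclass
class Word:
    value: int
    tag: int

    def combine(self, other, value):
        # Biba low-water-mark: the result carries the lower of the input tags.
        return Word(value & 0xFFFFFFFF, min(self.tag, other.tag))

class IntegrityViolation(Exception):
    pass

class TaggedMachine:
    # Tagged memory, a few tagged registers, and a tiny assumed ISA.
    def __init__(self, mem_words=64):
        self.mem = [Word(0, HIGH) for _ in range(mem_words)]
        self.regs = {r: Word(0, HIGH) for r in ("r0", "r1", "r2", "sp")}

    def net_read(self, dst, payload):
        # Network bytes are untrusted (LOW); deliberately no length check.
        for i, b in enumerate(payload):
            self.mem[dst + i] = Word(b, LOW)

    def movi(self, reg, imm):
        self.regs[reg] = Word(imm, HIGH)  # immediates come from trusted code

    def load(self, reg, addr):
        self.regs[reg] = Word(self.mem[addr].value, self.mem[addr].tag)

    def store(self, addr, reg):
        self.mem[addr] = Word(self.regs[reg].value, self.regs[reg].tag)

    def add(self, dst, a, b):
        x, y = self.regs[a], self.regs[b]
        self.regs[dst] = x.combine(y, x.value + y.value)

    def _transfer(self, target, kind):
        # The only point where a tag is checked: just before it enters the PC.
        if target.tag == LOW:
            raise IntegrityViolation(f"{kind} to low-integrity target {target.value:#x}")
        return target.value

    def ret(self):
        sp = self.regs["sp"].value
        self.regs["sp"] = Word(sp + 1, HIGH)
        return self._transfer(self.mem[sp], "RET")  # pop saved return address

    def jmp_reg(self, reg):
        return self._transfer(self.regs[reg], "JMP")

def _frame():
    # Assumed layout: 8-word buffer at mem[8..15], saved return 0x400 at mem[16].
    m = TaggedMachine()
    m.movi("r0", 0x400)
    m.store(16, "r0")
    m.regs["sp"] = Word(16, HIGH)
    return m

def stack_smash_is_caught():
    """10-byte payload overruns into mem[16]; RET sees a LOW tag."""
    m = _frame()
    m.net_read(8, b"AAAAAAAAAA")  # constructed oversized request
    try:
        m.ret()
    except IntegrityViolation:
        return True, m.mem[16].tag
    return False, m.mem[16].tag

def benign_request_passes():
    """8-byte payload fits; untrusted bytes are summed into r1 (LOW, harmless
    since r1 is never a jump target) and RET succeeds."""
    m = _frame()
    m.net_read(8, b"GET /idx")  # constructed well-formed request
    m.movi("r1", 0)
    for addr in range(8, 16):
        m.load("r2", addr)
        m.add("r1", "r1", "r2")
    return m.ret(), m.regs["r1"].value, m.regs["r1"].tag

def computed_jump(index_from_network):
    """Target = trusted table base + index. An index read off the network makes
    the computed target LOW; a trusted index keeps it HIGH. Returns (caught, target)."""
    m = TaggedMachine()
    if index_from_network:
        m.net_read(8, bytes([3]))
        m.load("r1", 8)
    else:
        m.movi("r1", 3)
    m.movi("r2", 0x1000)
    m.add("r0", "r1", "r2")  # 0x1003, tag = min(tag of r1, HIGH)
    try:
        return False, m.jmp_reg("r0")
    except IntegrityViolation:
        return True, None
```

The benign run is the point the abstract makes about not separating control from non-control data in advance: the low-tagged request bytes flow through ordinary arithmetic without any alarm, and the same low tag only matters once it reaches a RET or JMP. The `computed_jump` case covers the second half of the abstract's definition of control data (data used to calculate a control target), since the low tag survives the addition with a trusted base. Note the limit this implies as well: a payload that overwrote a non-control word (a flag or a length field, for instance) would leave it low-tagged but never be checked, which is consistent with the policy protecting control flow only.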