[llvm-commits] [www-pubs] r106006 - in /www-pubs/trunk: 2010-04-EUROSYS-Returnless.html 2010-05-Oakland-HyperSafe.html pubs.js
John Criswell
criswell at uiuc.edu
Tue Jun 15 10:40:30 PDT 2010
Author: criswell
Date: Tue Jun 15 12:40:29 2010
New Revision: 106006
URL: http://llvm.org/viewvc/llvm-project?rev=106006&view=rev
Log:
Added Xuxian Jiang's Eurosys and Oakland papers. Both use LLVM.
Added:
www-pubs/trunk/2010-04-EUROSYS-Returnless.html
www-pubs/trunk/2010-05-Oakland-HyperSafe.html
Modified:
www-pubs/trunk/pubs.js
Added: www-pubs/trunk/2010-04-EUROSYS-Returnless.html
URL: http://llvm.org/viewvc/llvm-project/www-pubs/trunk/2010-04-EUROSYS-Returnless.html?rev=106006&view=auto
==============================================================================
--- www-pubs/trunk/2010-04-EUROSYS-Returnless.html (added)
+++ www-pubs/trunk/2010-04-EUROSYS-Returnless.html Tue Jun 15 12:40:29 2010
@@ -0,0 +1,72 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <link rel="stylesheet" href="../llvm.css" type="text/css" media="screen">
+ <title>Defeating Return-Oriented Rootkits with "Return-Less" Kernels</title>
+</head>
+<body>
+
+<div class="pub_title">
+ Defeating Return-Oriented Rootkits with "Return-Less" Kernels
+</div>
+<div class="pub_author">
+ Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram
+</div>
+
+<h2>Abstract:</h2>
+<blockquote>
+<p>
+Targeting the operating system (OS) kernel, kernel rootkits pose a formidable
+threat to computer systems and their users. Recent efforts have made
+significant progress in blocking them from injecting malicious code into the OS
+kernel for execution. Unfortunately, they cannot block the emerging so-called
+return-oriented rootkits (RORs). Without the need of injecting their own
+malicious code, these rootkits can discover and chain together "return-oriented
+gadgets" (that consist of only legitimate kernel code) for rootkit computation.
+</p>
+
+<p>
+In this paper, we propose a compiler-based approach to defeat these
+return-oriented rootkits. Our approach recognizes the hallmark of
+return-oriented rootkits, i.e., the ret instruction, and accordingly aims to
+completely remove them in a running OS kernel. Specifically, one key technique
+named return indirection is to replace the return address in a stack frame into
+a return index and disallow a ROR from using their own return addresses to
+locate and assemble return-oriented gadgets. Further, to prevent legitimate
+instructions that happen to contain return opcodes from being misused,we also
+propose two other techniques, register allocation and peephole optimization, to
+avoid introducing them in the first place. We have developed a LLVM-based
+prototype and used it to generate a return-less FreeBSD kernel. Our evaluation
+results indicate that the proposed approach is generic, effective, and can be
+implemented on commodity hardware with a low performance overhead.
+</p>
+</blockquote>
+
+<h2>Published:</h2>
+<blockquote>
+ "Defeating Return-Oriented Rootkits with "Return-Less" Kernels"
+ <br>
+ Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram
+ <br>
+<i>
+Proc. of the 5th ACM European Conference on Computer Systems
+</i>, Paris, France, April 2010.
+</blockquote>
+<h2>Download:</h2>
+<h3>Paper:</h3>
+<ul>
+ <li><a href="http://www.csc.ncsu.edu/faculty/jiang/pubs/EUROSYS10.pdf">
+ Defeating Return-Oriented Rootkits with "Return-Less" Kernels
+ </a> (PDF)</li>
+</ul>
+
+<!-- *********************************************************************** -->
+<hr>
+ <a href="http://jigsaw.w3.org/css-validator/check/referer"><img
+ src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"></a>
+ <a href="http://validator.w3.org/check/referer"><img
+ src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" /></a>
+
+</body>
+</html>
Added: www-pubs/trunk/2010-05-Oakland-HyperSafe.html
URL: http://llvm.org/viewvc/llvm-project/www-pubs/trunk/2010-05-Oakland-HyperSafe.html?rev=106006&view=auto
==============================================================================
--- www-pubs/trunk/2010-05-Oakland-HyperSafe.html (added)
+++ www-pubs/trunk/2010-05-Oakland-HyperSafe.html Tue Jun 15 12:40:29 2010
@@ -0,0 +1,77 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <link rel="stylesheet" href="../llvm.css" type="text/css" media="screen">
+ <title>HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity</title>
+</head>
+<body>
+
+<div class="pub_title">
+ HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
+</div>
+<div class="pub_author">
+ Zhi Wang and Xuxian Jiang
+</div>
+
+<h2>Abstract:</h2>
+<blockquote>
+<p>
+Virtualization is being widely adopted in todayâs
+computing systems. Its unique security advantages in isolating
+and introspecting commodity OSes as virtual machines (VMs)
+have enabled a wide spectrum of applications. However, a com-
+mon, fundamental assumption is the presence of a trustworthy
+hypervisor. Unfortunately, the large code base of commodity
+hypervisors and recent successful hypervisor attacks (e.g., VM
+escape) seriously question the validity of this assumption.
+In this paper, we present HyperSafe, a lightweight approach
+that endows existing Type-I bare-metal hypervisors with a
+unique self-protection capability to provide lifetime control-
+ï¬ow integrity. Speciï¬cally, we propose two key techniques. The
+ï¬rst one â non-bypassable memory lockdown â reliably protects
+the hypervisorâs code and static data from being compromised
+even in the presence of exploitable memory corruption bugs
+(e.g., buffer overï¬ows), therefore successfully providing hyper-
+visor code integrity. The second one â restricted pointer indexing
+â introduces one layer of indirection to convert the control data
+into pointer indexes. These pointer indexes are restricted such
+that the corresponding call/return targets strictly follow the
+hypervisor control ï¬ow graph, hence expanding protection to
+control-ï¬ow integrity. We have built a prototype and used it to
+protect two open-source Type-I hypervisors: BitVisor and Xen.
+The experimental results with synthetic hypervisor exploits
+and benchmarking programs show HyperSafe can reliably
+enable the hypervisor self-protection and provide the integrity
+guarantee with a small performance overhead.
+</p>
+</blockquote>
+
+<h2>Published:</h2>
+<blockquote>
+ "HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity"
+ <br>
+ Zhi Wang and Xuxian Jiang
+ <br>
+<i>
+Proceedings of the Thirty First IEEE Symposium on Security & Privacy (Oakland
+2010),
+</i> Oakland, CA, May 2010.
+</blockquote>
+<h2>Download:</h2>
+<h3>Paper:</h3>
+<ul>
+ <li><a href="http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND10.pdf">
+ HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
+ </a> (PDF)</li>
+</ul>
+
+<!-- *********************************************************************** -->
+<hr>
+ <a href="http://jigsaw.w3.org/css-validator/check/referer"><img
+ src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"></a>
+ <a href="http://validator.w3.org/check/referer"><img
+ src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" /></a>
+
+</body>
+</html>
Modified: www-pubs/trunk/pubs.js
URL: http://llvm.org/viewvc/llvm-project/www-pubs/trunk/pubs.js?rev=106006&r1=106005&r2=106006&view=diff
==============================================================================
--- www-pubs/trunk/pubs.js (original)
+++ www-pubs/trunk/pubs.js Tue Jun 15 12:40:29 2010
@@ -1,6 +1,12 @@
// The array should be sorted reverse-chronologically, and will be displayed on
// the page in the order listed.
var PUBS = [
+ {url: "2010-05-Oakland-HyperSafe.html",
+ title: "HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity",
+ published: "IEEE Symposium on Security & Privacy 2010",
+ author: " Zhi Wang and Xuxian Jiang",
+ month: 5,
+ year: 2010},
{url: "2010-05-01-ClangBSD.html",
title: "ClangBSD",
published: "BSDcan 2010",
@@ -21,6 +27,13 @@
location: "Paris, France",
month: 4,
year: 2010},
+ {url: "2010-04-EUROSYS-Returnless.html",
+ title: "Defeating Return-Oriented Rootkits with "Return-Less" Kernels",
+ published: "Proc. of the 5th ACM European Conference on Computer Systems (EuroSys'10)",
+ author: "Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram",
+ location: "Paris, France",
+ month: 4,
+ year: 2010},
{url: "2010-04-EUROSYS-RevNIC.html",
title: "Reverse Engineering of Binary Device Drivers with RevNIC",
published: "Proc. of the 5th ACM European Conference on Computer Systems (EuroSys'10)",
More information about the llvm-commits
mailing list