High System-Code Security with Low Overhead

Jonas Wagner, Volodymyr Kuznetsov, George Candea, Johannes Kinder

Research output: Chapter in Book/Report/Conference proceedingConference contribution

126 Downloads (Pure)

Abstract

Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy; these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists.

We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%); our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified "overhead budget." Two insights make this approach effective: most overhead in existing tools is due to only a few "hot" checks, whereas the checks most useful to security are typically "cold" and cheap.

We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, OpenSSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them.
Original languageEnglish
Title of host publication2015 IEEE Symposium on Security and Privacy
PublisherIEEE
Pages866-879
Number of pages14
ISBN (Electronic)978-1-4673-6949-7
DOIs
Publication statusE-pub ahead of print - 20 Jul 2015

Cite this