Summary: Secure Execution Via Program Shepherding
Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe
Laboratory for Computer Science
Massachusetts Institute of Technology
Cambridge, MA 02139
vlk,iye,saman¡ @lcs.mit.edu
Abstract
We introduce program shepherding, a method for
monitoring control flow transfers during program
execution to enforce a security policy. Shepherding
ensures that malicious code masquerading as data
is never executed, thwarting a large class of security
attacks. Shepherding can also enforce entry points
as the only way to execute shared library code. Fur-
thermore, shepherding guarantees that sandboxing
checks around any type of program operation will
never be bypassed. We have implemented these ca-
pabilities efficiently in a runtime system with mini-
mal or no performance penalties. This system oper-
ates on unmodified native binaries, requires no spe-

Source: Amarasinghe, Saman - Computer Science and Artificial Intelligence Laboratory & Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology (MIT)

Collections: Computer Technologies and Information Sciences