Summary: Secure Execution Via Program Shepherding
Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe
Laboratory for Computer Science
Massachusetts Institute of Technology
Cambridge, MA 02139
{vlk,iye,saman}@lcs.mit.edu
Abstract
We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three techniques as building blocks for security policies. First, shepherding can restrict execution privileges on the basis of code origins. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. Second, shepherding can restrict control transfers based on instruction class, source, and target. For example, shepherding can forbid execution of shared library code except through declared entry points, and can ensure that a