Hardware/software co-design for efficient security analysis = 효율적인 보안 분석을 위한 하드웨어/소프트웨어 통합 설계

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 220
  • Download : 0
The reference monitor is one of the methodologies to enhance the security of a system. It defines a legitimate state of the system and determines anomaly by comparing runtime status with pre-defined legitimate status. One of the important factors to determine the performance and practicality of the monitor is the implementation method, which can be based on either software or hardware. Software-based approaches have the advantage that they can be easily applicable and deployable to the existing system without changing hardware components, but the monitoring code for checking the security of a protected system employes hardware resources (i.e., CPU and memory) occupied by the software running on the host, which causes performance degradation. Hardware-based approaches have a negligible performance overhead but they are not flexibly adopting new detection method, since any modification of an hardware would certainly incur significant costs and time. In this thesis, I will describe the hardware/software co-design for a practical security reference monitor that can be attached to an existing system without significant modification of a host processor. By splitting the monitoring into the information extraction and the security analysis, and offloading heavy security analysis to a dedicated off-core, the solutions can affect negligible performance overhead to the host system. Furthermore, the software components of the solutions provide not only the programmability and flexibility that security analysis schemes can be agilely applied but also the way the context information of the host processor is efficiently transferred to the off-core. Based on the above design, I implemented two security monitors based on the data flow and control flow analysis each of which can mitigate code-reuse attack and memory corruption vulnerabilities respectively.
Advisors
Kang, Brent Byung Hoonresearcher강병훈researcher
Description
한국과학기술원 :정보보호대학원,
Publisher
한국과학기술원
Issue Date
2018
Identifier
325007
Language
eng
Description

학위논문(박사) - 한국과학기술원 : 정보보호대학원, 2018.2,[v, 69 p. :]

Keywords

reference monitor▼acode-reuse attack defense▼adata information flow tracking▼ahardware/software▼aco-design; 참조 모니터▼a코드 재사용 공격 방어▼a테이터 정보 흐름 추적▼a하드웨어/소프트웨어▼a통합 설계

URI
http://hdl.handle.net/10203/265359
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=734429&flag=dissertation
Appears in Collection
IS-Theses_Ph.D.(박사논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0