DocumentCode :
3307192
Title :
InfoShield: a security architecture for protecting information usage in memory
Author :
Shi, Weidong ; Fryman, Joshua B. ; Gu, Guofei ; Lee, Hsien Hsin S ; Zhang, Youtao ; Yang, Jun
Author_Institution :
Sch. of Electr. & Comput. Eng., Georgia Tech., GA, USA
fYear :
2006
fDate :
11-15 Feb. 2006
Firstpage :
222
Lastpage :
231
Abstract :
Cyber theft is a serious threat to Internet security. It is one of the major security concerns by both network service providers and Internet users. Though sensitive information can be encrypted when stored in non-volatile memory such as hard disks, for many e-commerce and network applications, sensitive information is often stored as plaintext in main memory. Documented and reported exploits facilitate an adversary stealing sensitive information from an application's memory. These exploits include illegitimate memory scan, information theft oriented buffer overflow, invalid pointer manipulation, integer overflow, password stealing Trojans and so forth. Today's computing system and its hardware cannot address these exploits effectively in a coherent way. This paper presents a unified and lightweight solution, called InfoShield that can strengthen application protection against theft of sensitive information such as passwords, encryption keys, and other private data with a minimal performance impact. Unlike prior whole memory encryption and information flow based efforts, InfoShield protects the usage of information. InfoShield ensures that sensitive data are used only as defined by application semantics, preventing misuse of information. Comparing with prior art, InfoShield handles a broader range of information theft scenarios in a unified framework with less overhead. Evaluation using popular network client-server applications shows that InfoShield is sound for practical use and incurs little performance loss because InfoShield only protects absolute, critical sensitive information. Based on the profiling results, only 0.3% of memory accesses and 0.2% of executed codes are affected by InfoShield.
Keywords :
data privacy; security of data; storage management; InfoShield; Internet security; cyber theft; memory encryption; network client-server application; security architecture; Buffer overflow; Computer security; Cryptography; Hard disks; Hardware; IP networks; Information security; Nonvolatile memory; Protection; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
High-Performance Computer Architecture, 2006. The Twelfth International Symposium on
ISSN :
1530-0897
Print_ISBN :
0-7803-9368-6
Type :
conf
DOI :
10.1109/HPCA.2006.1598131
Filename :
1598131