XFI: software guards for system address spaces 论文
2006Operating Systems Design and Implementation引用 341
Security and Verification in ComputingAdvanced Malware Detection TechniquesDigital and Cyber Forensics
详细信息
- 发表期刊/会议
- Operating Systems Design and Implementation
- 发表日期
- 2006-11-06
- 发表年份
- 2006
关键词
Security and Verification in ComputingAdvanced Malware Detection TechniquesDigital and Cyber Forensics
摘要
XFI is a comprehensive protection system that offers both flexible access control and fundamental integrity guarantees, at any privilege level and even for legacy code in commodity systems. For this purpose, XFI combines static analysis with inline software guards and a two-stack execution model. We have implemented XFI for Windows on the x86 architecture using binary rewriting and a simple, stand-alone verifier; the implementation's correctness depends on the verifier, but not on the rewriter. We have applied XFI to software such as device drivers and multimedia codecs. The resulting modules function safely within both kernel and user-mode address spaces, with only modest enforcement overheads.