Ιδρυματικό Αποθετήριο
Πολυτεχνείο Κρήτης
Πολυτεχνείο Κρήτης
EN
|
EL
| URI: | http://purl.tuc.gr/dl/dias/71037DEA-7D49-47DA-A5CE-116FE8173711 | ||
| Έτος | 2016 | ||
| Τύπος | Διπλωματική Εργασία | ||
| Άδεια Χρήσης |
|
||
| Βιβλιογραφική Αναφορά | Βάϊος Ταξιάρχης, "Επέκταση του επεξεργαστή LEON για την αποδοτική υποστήριξη σε υλικό της παρακολούθησης δυναμικής ροής πληροφοριών", Διπλωματική Εργασία, Σχολή Ηλεκτρονικών Μηχανικών και Μηχανικών Υπολογιστών, Πολυτεχνείο Κρήτης, Χανιά, Ελλάς, 2016 https://doi.org/10.26233/heallink.tuc.65271 | ||
| Εμφανίζεται στις Συλλογές |
Computer security is of growing importance due to the increasing reliance of computer systems in most societies. Software vulnerabilities can be seen as flaws or weaknesses in the system that can be exploited by an attacker in order to alter the normal behavior of the system. As a consequence, vulnerabilities in the production of software make necessary to have tools that can help programmers to avoid or detect them in the development of the code. Existing defenses, such as canaries or web application firewalls, often suffer from compatibility issues or are easily evaded by a professional attacker. Security defenses should focus on safety, speed, flexibility, practicality and end-to-end coverage. Recent researches have shown that Dynamic Information Flow Tracking (DIFT) is a promising technique for detecting a wide range of security attacks. DIFT tracks the flow of untrusted information within a program’s runtime by extending memory and registers with tags. With hardware support, DIFT can provide comprehensive protection against input validation attacks with minimal performance overhead. Thus, in relation to our on-going research on vulnerability detection, this thesis presents the design and implementation of a hardware platform for DIFT, based on the synthesizable LEON processor. The specific platform is an extension of the LEON processor with additional instructions for data-flow integrity support. Specifically it can track “tag” information along data within the processor pipeline and through computations, if we install appropriate Linux-based operating system. The modified processor protects applications from low-level memory corruption exploits (such as buffer overflows or format string attacks) and can be extended so as to protect from high-level semantic vulnerabilities (such as SQL injections or cross-site scripting) in future work. The processor includes also support to trapping when unsafe data are used as pointers to prevent information leakage.
Copyright © DIAS 2013
