InfoShield: A Security Architecture for Protecting Information Usage in Memory
The Twelfth International Symposium on High-Performance Computer Architecture, 2006.
Cyber theft is a serious threat to Internet security. It is one of the major security concerns by both network service providers and Internet users. Though sensitive information can be encrypted when stored in non-volatile memory such as hard disks, for many e-commerce and network applications, sensitive information is often stored as plaintext in main memory. Documented and reported exploits facilitate an adversary stealing sensitive information from an application's memory. These exploits
... ude illegitimate memory scan, information theft oriented buffer overflow, invalid pointer manipulation, integer overflow, password stealing trojans and so forth. Today's computing system and its hardware cannot address these exploits effectively in a coherent way. This paper presents a uni ed and lightweight solution, called InfoShield, that can strengthen application protection against theft of sensitive information such as passwords, encryption keys, and other private data with a minimal performance impact. Unlike prior whole memory encryption and information flow based efforts, InfoShield protects the usage of information. InfoShield ensures that sensitive data are used only as de ned by application semantics, preventing misuse of information. Comparing with prior art, InfoShield handles a broader range of information theft scenarios in a uni ed framework with less overhead. Evaluation using popular network client-server applications shows that InfoShield is sound for practical use and incurs little performance loss because InfoShield only protects absolute, critical sensitive information. Based on the pro ling results, only 0.3% of memory accesses and 0.2% of executed codes are affected by InfoShield.