Contributions to Proceedings:

C. Kolbitsch, C. Krügel, E. Kirda:
"Extending Mondrian Memory Protection";
in: "IST-091 Information Assurance and Cyber Defence", issued by: NATO; NATO Research and Technology Organization (NATO RTO), 2010, ISBN: 978-92-837-0115-6, 18 pages.

English abstract:
Most modern operating systems implement some sort of memory protection scheme for user processes. These schemes make it possible to set access permissions that determine whether a region of memory allocated for a process can be read, written, or executed by this process. Mondrian memory protection is a technique that extends the traditional memory protection scheme and allows fine-grain permission settings. Instead of being able to set access permissions on a page-level, Mondrian memory protection supports different access permissions for individual words. However, this protection scheme is still limited to only two permission bits that have a predefined semantics. This is not sufficient to implement more complex security techniques, for example, a race condition detection system.
In this paper, we propose an extension to the simple Mondrian protection scheme that provides more flexibility to user programs and the operating system. Based on our extended architecture, we implement mechanisms to protect sensitive data structures on the heap and on the stack. Moreover, we present the implementation of a technique to detect race conditions and suggest further areas of application. Our experiments demonstrate that the system can provide the expected protection and ability to detect races with reasonable overheads. Furthermore, our results show that even large systems such as the GNU C library and the Apache web server contain problems related to race conditions.

Related Projects:
Project Head Paolo Milani Comparetti:
Worldwide Observatory of Malicious Behaviors and Attack Threats

Project Head Christian Platzer:
SECoverer - Finding Security Vulnerabilities in Web Applications

Created from the Publication Database of the Vienna University of Technology.