MemPatrol: Reliable sideline integrity monitoring for high-performance systems

Myoung Jin Nam, Wonhong Nam, Jin Young Choi, Periklis Akritidis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Integrity checking using inline reference monitors to check individual memory accesses in C/C++ programs remains prohibitively expensive for the most performance-critical applications. To address this, we developed MemPatrol, a “sideline” integrity monitor that allows us to minimize the amount of performance degradation at the expense of increased detection delay. Inspired by existing proposals, MemPatrol uses a dedicated monitor thread running in parallel with the other threads of the protected application. Previous proposals, however, either rely on costly isolation mechanisms, or introduce a vulnerability window between the attack and its detection. During this vulnerability window, malicious code can cover up memory corruption, breaking the security guarantee of “eventual detection” that comes with strong isolation. Our key contributions are (i) a novel userspace-based isolation mechanism to address the vulnerability window, and (ii) to successfully reduce the overhead incurred by the application’s threads to a level acceptable for a performance-critical application. We evaluate MemPatrol on a high-performance passive network monitoring system, demonstrating its low overheads, as well as the operator’s control of the trade-off between performance degradation and detection delay.

Original language: English
Title of host publication: Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference, DIMVA 2017, 2017
Editors: Michalis Polychronakis, Michael Meier
Publisher: Springer Verlag
Pages: 48-69
Number of pages: 22
ISBN (Print): 9783319608754
Publication status: Published - 2017
Event: 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assess, DIMVA 2017 - Bonn, Germany
Duration: 2017 Jul 6 → 2017 Jul 7

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10327 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assess, DIMVA 2017
Country/Territory: Germany
City: Bonn
Period: 17/7/6 → 17/7/7

Keywords

  • Buffer overflow attacks
  • Concurrency
  • Cryptography
  • Integrity monitoring
  • Isolation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
