MemPatrol: Reliable sideline integrity monitoring for high-performance systems

Myoung Jin Nam, Wonhong Nam, Jin Young Choi, Periklis Akritidis

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Integrity checking using inline reference monitors to check individual memory accesses in C/C++ programs remains prohibitively expensive for the most performance-critical applications. To address this, we developed MemPatrol, a “sideline” integrity monitor that allows us to minimize the amount of performance degradation at the expense of increased detection delay. Inspired by existing proposals, MemPatrol uses a dedicated monitor thread running in parallel with the other threads of the protected application. Previous proposals, however, either rely on costly isolation mechanisms, or introduce a vulnerability window between the attack and its detection. During this vulnerability window, malicious code can cover up memory corruption, breaking the security guarantee of “eventual detection” that comes with strong isolation. Our key contributions are (i) a novel userspace-based isolation mechanism to address the vulnerability window, and (ii) to successfully reduce the overhead incurred by the application’s threads to a level acceptable for a performance-critical application. We evaluate MemPatrol on a high-performance passive network monitoring system, demonstrating its low overheads, as well as the operator’s control of the trade-off between performance degradation and detection delay.

    Original language: English
    Title of host publication: Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference, DIMVA 2017, 2017
    Editors: Michalis Polychronakis, Michael Meier
    Publisher: Springer Verlag
    Pages: 48-69
    Number of pages: 22
    ISBN (Print): 9783319608754
    Publication status: Published - 2017
    Event: 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assess, DIMVA 2017 - Bonn, Germany
    Duration: 2017 Jul 6 → 2017 Jul 7

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 10327 LNCS
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Other

    Other: 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assess, DIMVA 2017
    Country/Territory: Germany
    City: Bonn
    Period: 17/7/6 → 17/7/7

    Bibliographical note

    Publisher Copyright:
    © Springer International Publishing AG 2017.

    Keywords

    • Buffer overflow attacks
    • Concurrency
    • Cryptography
    • Integrity monitoring
    • Isolation

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • General Computer Science
