SAPEM: Secure Attestation of Program Execution and Program Memory for IoT Applications

Secure Execution via Program Shepherding

We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three techniques as building blocks for security policies. First, shepherding can restrict execution privileges on the basis of code origins. This distinction can ensure that malicious code masquerading as data is never executed, th...

Certifying Program Execution with Secure Processors

Cerium is a trusted computing architecture that protects a program’s execution from being tampered while the program is running. Cerium uses a physically tamperresistant CPU and a μ-kernel to protect programs from each other and from hardware attacks. The μ-kernel partitions programs into separate address spaces, and the CPU applies memory protection to ensure that programs can only use their o...

Secure Multi-Execution through Static Program Transformation

Secure multi-execution (SME) is a dynamic technique to ensure secure information flow. In a nutshell, SME enforces security by running one execution of the program per security level, and by reinterpreting input/output operations w.r.t. their associated security level. SME is sound, in the sense that the execution of a program under SME is non-interfering, and precise, in the sense that for pro...

ShadowStack: A new approach for secure program execution

A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory

Physical access to a system allows attackers to read out RAM through cold boot and DMA attacks. Thus far, counter measures protect only against attacks targeting disk encryption keys, while the remaining memory content is left vulnerable. We present a bytecode interpreter that protects code and data of programs against memory attacks by executing them without using RAM for sensitive content. An...