research-article

MoRE: measurement of running executables

Author:
Jacob Torrey

Assured Information Security, Rome, NY

Assured Information Security, Rome, NY
View Profile

CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research ConferenceApril 2014Pages 117–120https://doi.org/10.1145/2602087.2602105

Published:08 April 2014Publication History

CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference

Pages 117–120

ABSTRACT

MoRE, or Measurement of Running Executables, was a DARPA Cyber Fast Track effort to study the feasibility of utilizing x86 translation look-aside buffer (TLB) splitting techniques for realizing periodic measurements of running and dynamically changing applications. Currently, there are certain applications that interleave code and data that cannot be meaningfully measured during execution due to their polymorphic/dynamically changing nature. This lack of meaningful measurement is a weakness in trusted computing MoRE aimed to, and succeeded to address.

References

S. Sparks and J. Butler, "Shadow Walker: Raising the Bar for Rootkit Detection," in Blackhat Japan, 2005.Google Scholar
P. van Oorschot, A. Somayaji and G. Wurster, "Hardware-assisted circumvention of self-hashing software tamper resistance," in IEEE TDSC, 2005. Google ScholarDigital Library
Intel Corporation. "Intel Software Developer Manuals". 2014Google Scholar

Index Terms

MoRE: measurement of running executables
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

Fast and live hypervisor replacement
VEE 2019: Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

Hypervisors are increasingly complex and must be often updated for applying security patches, bug fixes, and feature upgrades. However, in a virtualized cloud infrastructure, updates to an operational hypervisor can be highly disruptive. Before being ...
Read More
Isolating commodity hosted hypervisors with HyperLock
EuroSys '12: Proceedings of the 7th ACM european conference on Computer Systems

Hosted hypervisors (e.g., KVM) are being widely deployed. One key reason is that they can effectively take advantage of the mature features and broad user bases of commodity operating systems. However, they are not immune to exploitable software bugs. ...
Read More
A Comprehensive Implementation and Evaluation of Direct Interrupt Delivery
VEE '15

As the performance overhead associated with CPU and memory virtualization becomes largely negligible, research efforts are directed toward reducing the I/O virtualization overhead, which mainly comes from two sources: DMA set-up and payload copy, and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference
April 2014
134 pages
ISBN:9781450328128
DOI:10.1145/2602087
Editors:
Robert K. Abercrombie
Oak Ridge National Laboratory (ORNL)
,
J. Todd McDonald
University of South Alabama
Copyright © 2014 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 April 2014
Check for updates
Author Tags
code isolation
code measurement
critical software
harvard architecture
hypervisor
real-time analysis
split-TLB
Qualifiers
- research-article
Conference

Acceptance Rates
CISR '14 Paper Acceptance Rate32of50submissions,64%Overall Acceptance Rate69of136submissions,51%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 85
  Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

MoRE: measurement of running executables

CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

Fast and live hypervisor replacement

Isolating commodity hosted hypervisors with HyperLock

A Comprehensive Implementation and Evaluation of Direct Interrupt Delivery