You are here: silicon.com > Resources > White Papers > Desktops, Laptops and OS > Desktop Client OS > Linux - Open Source

Linux - Open Source White Papers

Secure Execution Via Program Shepherding

Overview This paper introduces program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three techniques as building blocks for security policies. First, shepherding can restrict execution privileges on the basis of code origins. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. Second, shepherding can restrict control transfers based on instruction class, source, and target. For example, shepherding can forbid execution of shared library code except through declared entry points, and can ensure that a return instruction only targets the instruction after a call. Finally, shepherding guarantees that sandboxing checks placed around any type of program operation will never be bypassed.

Further White Paper Details
Publisher	Massachusetts Institute of Technology	File Format	PDF
Date Published	August 2002
Format	White Papers
Topics	Linux - Open Source, Security Management, Linux Server OS

Did you find this white paper useful?

Intel Tools for Thread-Oriented Development on Linux

Publisher:
Intel

Web Hosting Company Easily Deploys New Server Solution on a Multiplatform Network

Publisher:
Microsoft

Tags:
customer support services

Business Integration Technology Case Study: Novus International

Publisher:
Business Integration Technology

Live From Redmond: Visual WebGui: Silverlight for Line-of-Business Application

Publisher:
Microsoft Tips

Tags:
graphics applications

Live From Redmond: Visual WebGui: An Enterprise AJAX Application in 20 Minutes

Publisher:
Microsoft Tips

Tags:
programming languages

A year in review: security experts issue year-end hacker warning

There are already rumours that two malicious denial-of-service programs, Tribe Flood Network and Trinoo, could be being improved in preparation for New Year attacks. The programs bombard specific points on the Internet until the target freezes up.

Channel:
Security Strategy

Taking care of business: Global plc versus the e-criminals

Melissa still lurks in the memory, while distributed denial of service attacks as well as other forms of malicious code have recently taken their best shots at crippling Global plc. Cyber crime is a growing problem for corporates around the world...

Channel:
Comment & Analysis

Industrial Defender protects against digital attack

They have remote dial-in capabilities for their remote engineers and have to have a way to guard those entry points. Such networks -- the two common types being Supervisory Control and Data Acquisition (SCADA) networks and Distributed Control...

Antipodean hacker activity on the rise

The results of the report also indicate that most hacking systems favour targets within the same geographic locations as their launch origin, with the exception of South Korea; which was the only country in the top 10 ranks to prefer overseas...

Channel:
Security Strategy

Quocirca's Straight Talking: Get smart about wireless security

In theory, any programmable device regardless of its size can be targeted with viruses and other sorts of malicious attacks. The concept of authenticating the integrity of the device as well as the user ID during connection has therefore emerged...

3,300 new viruses hit computers

Around 3,300 new malicious codes have been detected by security software provider Trend Micro between August 1 - 20 this year The malicious codes consisted mainly of Trojans, back-doors and worms. This month also saw the continued release of...

Channel:
Malware

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Linux - Open Source White Papers

Secure Execution Via Program Shepherding

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific