Tuesday, September 30, 2014

A Run-time Non-invasive Approach to Defending against ROP and JOP Attacks

<For some reason, I cannot publish it, but I'm planning to open it some time later.>

This blog presents an idea to defend against both ROP (Return-oriented Programming) and JOP (Jump-oriented Programming) attacks ...

It is a low-overhead, real-time, and non-invasive solution that needs no changes to the binary or source of the exploit target.

Sunday, September 28, 2014

Why smaller code size with XEN on ARM?

This white paper (Xen ARM with Virtualization Extensions whitepaper) indicates that "Xen on ARM is 1/6 of the code size of x86_64 Xen, while still providing a similar level of features". What does this mean? Does it mean that Xen/ARM is better than Xen/x86? We cannot simply draw that conclusion, but a smaller code size does mean a smaller trusted computing base (TCB), which can reduce security risks (e.g. security vulnerabilities).

ARM TrustZone (Security Extension) and Virtualization Extension vs x86 Virtualization Technology

A typical virtualization system on both x86 and ARM includes three major parts:
  • CPU virtualization
  • Memory virtualization, and 
  • I/O virtualization (device, interrupt virtualization).