
Questions and Comments

  • See the implementation note and also the supported platforms.
  • For logging and protection with a random canary
    Programs compiled with it depend on /dev/log and /dev/urandom. Any chroot'ed program compiled with it needs to take this into account: /dev/log can be added with the -a argument to syslogd, and /dev/urandom can be re-created with mknod /[chroot_path]/dev/urandom c 1 9.
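The chroot requirement above can be checked before a protected program is deployed. The following is an added example, not part of the original page or of the compiler extension; the function name check_ssp_chroot and the variable SSP_CHROOT_ISSUES are hypothetical, and Linux with GNU stat is assumed.

```shell
#!/bin/sh
# Audit a chroot for the two device nodes a program built with the
# protector depends on: /dev/log and /dev/urandom.
# Usage: check_ssp_chroot /path/to/chroot
# Returns 0 when both nodes are usable; otherwise returns 1 and leaves
# the findings in SSP_CHROOT_ISSUES (hypothetical variable name).

check_ssp_chroot() {
    root=${1%/}                 # drop one trailing slash, so "/" becomes ""
    SSP_CHROOT_ISSUES=""

    # /dev/urandom must be a character device with major 1, minor 9,
    # the numbers used in the mknod command above. A regular file at
    # that path would return the same bytes on every read.
    node="$root/dev/urandom"
    if [ ! -c "$node" ]; then
        SSP_CHROOT_ISSUES="urandom:not-a-char-device"
    elif [ "$(stat -c '%t:%T' "$node")" != "1:9" ]; then
        # GNU stat prints major:minor in hex; 1 and 9 read the same in hex
        SSP_CHROOT_ISSUES="urandom:wrong-major-minor"
    fi

    # /dev/log must be a socket, which syslogd creates when started
    # with -a pointing at the path inside the chroot.
    node="$root/dev/log"
    if [ ! -S "$node" ]; then
        SSP_CHROOT_ISSUES="${SSP_CHROOT_ISSUES:+$SSP_CHROOT_ISSUES }log:not-a-socket"
    fi

    if [ -n "$SSP_CHROOT_ISSUES" ]; then
        printf 'chroot %s: %s\n' "${root:-/}" "$SSP_CHROOT_ISSUES" >&2
        return 1
    fi
    return 0
}
```
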
Protect methods
  • Protect what?
    Arrays of more than N elements of 'char', 'unsigned char', 'signed char', and their derivatives, used as local variables and function arguments.
  • Why is N seven?
    N is an experimental constant, and it is seven. I examined every program used in RedHat Linux 6.2 to see how many strings are declared and what their sizes are. I remember that the ratio of strings of fewer than 8 characters is small (10-20%; sorry, I forgot the exact figure). I think that, even if N is one, the overhead of the protection instrumentation does not increase so much.
Change Logs
  • add protection environment (March 12, 2003)
  • add protected data type (February 17, 2003)

Last modified 2 Oct 2000