Author Search Result

[Author] Donghai TIAN(3hit)

1-3hit
  • A Virtualization-Based Approach for Application Whitelisting

    Donghai TIAN  Jingfeng XUE  Changzhen HU  Xuanya LI  

     
    LETTER-Software System

    Vol: E97-D No:6  Page(s): 1648-1651

    A whitelisting approach is a promising solution to prevent unwanted processes (e.g., malware) from getting executed. However, previous solutions suffer from limitations in that: 1) Most methods place the whitelist information in the kernel space, which could be tampered with by attackers; 2) Most methods cannot prevent the execution of kernel processes. In this paper, we present VAW, a novel application whitelisting system by using the virtualization technology. Our system is able to block the execution of unauthorized user and kernel processes. Compared with the previous solutions, our approach can achieve stronger security guarantees. The experiments show that VAW can deny the execution of unwanted processes effectively with a little performance overhead.

  • iCruiser: An Improved Approach for Concurrent Heap Buffer Overflow Monitoring

    Donghai TIAN  Xuanya LI  Mo CHEN  Changzhen HU  

     
    LETTER-Information Network

    Vol: E97-D No:3  Page(s): 601-605

    Heap buffer overflow has been extensively studied for many years, but it remains a severe threat to software security. Previous solutions suffer from limitations in that: 1) Some methods need to modify the target programs; 2) Most methods could impose considerable performance overhead. In this paper, we present iCruiser, an efficient heap buffer overflow monitoring system that uses the multi-core technology. Our system is compatible with existing programs, and it can detect the heap buffer overflows concurrently. Compared with the latest heap protection systems, our approach can achieve stronger security guarantees. Experiments show that iCruiser can detect heap buffer overflow attacks effectively with a little performance overhead.

  • Efficient Shellcode Detection on Commodity Hardware

    Donghai TIAN  Mo CHEN  Changzhen HU  Xuanya LI  

     
    LETTER-Software System

    Vol: E96-D No:10  Page(s): 2272-2276

    As more and more software vulnerabilities are exposed, shellcode has become very popular in recent years. It is widely used by attackers to exploit vulnerabilities and then hijack a program's execution. Previous solutions suffer from limitations in that: 1) Some methods based on static analysis may fail to detect the shellcode using obfuscation techniques; 2) Other methods based on dynamic analysis could impose considerable performance overhead. In this paper, we propose Lemo, an efficient shellcode detection system. Our system is compatible with commodity hardware and operating systems, which enables deployment. To improve the performance of our system, we make use of the multi-core technology. The experiments show that our system can detect shellcode efficiently.