<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2769" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; khtml-nbsp-mode: space; khtml-line-break: after-white-space">
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>Isn't Smashguard the same technology (in software) added to
the latest Microsoft .NET compiler and run time?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>While protecting against one method of hijacking a system
(altering the function return address) - it really doesn't protect from
inserting your own code into a stream and then using an existing jump to jump to
your code - does it? </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>Nor does it protect from altering the system managed data
blocks? </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>That is to say - it only protects one form of a hijack
attack. Or am I missing something? </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>Mike Hines</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>Smashguard most recent CACM publication (Nov 05) is at
-</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2><A
href="https://engineering.purdue.edu/ResearchGroups/SmashGuard/cacm.pdf">https://engineering.purdue.edu/ResearchGroups/SmashGuard/cacm.pdf</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>if you are interested.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>The Smashguard Group web site is at -</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2><A
href="https://engineering.purdue.edu/ResearchGroups/SmashGuard/BoF.html">https://engineering.purdue.edu/ResearchGroups/SmashGuard/BoF.html</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=453142613-14122005><FONT face=Arial
color=#0000ff size=2>I'm not affiliated with that group at Purdue - being on the
Admin side.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><FONT
size=2>-----------------------------------<BR>Michael S
Hines<BR>mshines@purdue.edu </FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> mudge [mailto:mudge@uidzero.org]
<BR><B>Sent:</B> Tuesday, December 13, 2005 6:01 PM<BR><B>To:</B> Hines,
Michael S.<BR><B>Cc:</B> 'Secure Coding Mailing List'<BR><B>Subject:</B> Re:
[SC-L] Intel turning to hardware for rootkit detection <BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><BR class=khtml-block-placeholder></DIV>There was a lady who went to
Purdue, I believe her name was Carla Brodley. She is a professor at Tufts
currently. One of her projects, I'm not sure whether it is ongoing or
historic, was surrounding hardware based stack protection. There wasn't any
protection against heap / pointer overflows and I don't know how it fares when
stack trampoline activities (which can be valid, but are rare outside of older
objective-c code).
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>www.smashguard.org and <FONT class=Apple-style-span face=Arial
color=#317d17 size=3><SPAN class=Apple-style-span
style="FONT-SIZE: 13px"><FONT class=Apple-style-span color=#000000><A
href="https://engineering.purdue.edu">https://engineering.purdue.edu</A>/
ResearchGroups/SmashGuard/smash.html have more
data.</FONT></SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px"><BR
class=khtml-block-placeholder></SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial color=#317d17 size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px"><FONT class=Apple-style-span
color=#000000>I'm not sure if this is a similar solution to what Intel might
be pursuing. I believe the original "smashguard" work was based entirely on
Alpha chips.</FONT></SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px"><BR
class=khtml-block-placeholder></SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px">cheers,</SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px"><BR
class=khtml-block-placeholder></SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px">.mudge</SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px"><BR
class=khtml-block-placeholder></SPAN></FONT></DIV>
<DIV><FONT class=Apple-style-span face=Arial color=#317d17 size=3><SPAN
class=Apple-style-span style="FONT-SIZE: 13px"><FONT class=Apple-style-span
color=#000000><BR></FONT></SPAN></FONT>
<DIV>
<DIV>On Dec 13, 2005, at 15:19, Michael S Hines wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<DIV style="MARGIN: 0px">Doesn't a hardware 'feature' such as this lock
software into a two-state model</DIV>
<DIV style="MARGIN: 0px">(user/priv)?</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Who's to say that model is the best?<SPAN
class=Apple-converted-space> </SPAN>Will that be the model of the
future?<SPAN class=Apple-converted-space> </SPAN></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Wouldn't a two-state software model that works be
more effective? <SPAN class=Apple-converted-space></SPAN></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">It's easier to change (patch) software than to
rewire hardware (figuratively speaking).</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Just wondering...</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV style="MARGIN: 0px">Mike Hines</DIV>
<DIV style="MARGIN: 0px">-----------------------------------</DIV>
<DIV style="MARGIN: 0px">Michael S Hines</DIV>
<DIV style="MARGIN: 0px"><A
href="mailto:mshines@purdue.edu">mshines@purdue.edu</A><SPAN
class=Apple-converted-space> </SPAN></DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px"><BR></DIV>
<DIV
style="MARGIN: 0px">_______________________________________________</DIV>
<DIV style="MARGIN: 0px">Secure Coding mailing list (SC-L)</DIV>
<DIV style="MARGIN: 0px"><A
href="mailto:SC-L@securecoding.org">SC-L@securecoding.org</A></DIV>
<DIV style="MARGIN: 0px">List information, subscriptions, etc - <A
href="http://krvw.com/mailman/listinfo/sc-l">http://krvw.com/mailman/listinfo/sc-l</A></DIV>
<DIV style="MARGIN: 0px">List charter available at - <A
href="http://www.securecoding.org/list/charter.php">http://www.securecoding.org/list/charter.php</A></DIV></BLOCKQUOTE></DIV><BR></DIV></BLOCKQUOTE></BODY></HTML>