High System-Code Security with Low Overhead

Explore a cutting-edge approach to enhancing system-code security without compromising performance in this IEEE Symposium presentation. Delve into the innovative ASAP tool, which allows developers to set acceptable overhead limits while automatically maximizing security measures. Discover how this method effectively balances the trade-off between security and performance by focusing on "cold" checks crucial for security while minimizing "hot" checks that contribute to most overhead. Examine the tool's effectiveness through evaluations on Phoronix and SPEC benchmark suites, as well as its ability to protect against real-world vulnerabilities in RIPE, OpenSSL, and the Python interpreter. Gain insights into the implementation, cost considerations, and experimental results that demonstrate ASAP's precision in selecting optimal security-performance trade-offs.

Introduction
High SystemCode Security
Sanity Checks
Can we remove the overhead
What is the overhead
Our approach
Results
Implementation
Cost
Security
Experiments
Overhead