ABSTRACT
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel® Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.
- Gaisler Research. LEON3 synthesizable processor. http://www.gaisler.com.Google Scholar
- Gaisler Research. Bare-C Cross-compiler system (BCC). http://www.gaisler.com/index.php/products/operating-systems/bcc.Google Scholar
- M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. ACM Trans. Inf. Syst. Secur., 13(1), 2009. Google ScholarDigital Library
- M. Budiu, U. Erlingsson, and M. Abadi. Architectural support for software-based protection. In Workshop on Architectural and System Support for Improving Software Dependability, ASID '06, 2006. Google ScholarDigital Library
- S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In ACM Conference on Computer and Communications Security, CCS '10, 2010. Google ScholarDigital Library
- T. H. Dang, P. Maniatis, and D. Wagner. The performance cost of shadow stacks and stack canaries. In ACM Symposium on Information, Computer and Communications Security, ASIACCS '15, 2015. Google ScholarDigital Library
- L. Davi, P. Koeberl, and A.-R. Sadeghi. Hardware-assisted fine-grained control-flow integrity: Towards efficient protection of embedded systems against software exploitation. In Annual Design Automation Conference - Special Session: Trusted Mobile Embedded Computing, DAC '14, 2014. Google ScholarDigital Library
- L. Davi, D. Lehmann, A.-R. Sadeghi, and F. Monrose. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX conference on Security, SSYM'14, 2014. Google ScholarDigital Library
- A. Francillon and C. Castelluccia. Code injection attacks on Harvard-architecture devices. In ACM Conf. on Computer and Communications Security, CCS '08, 2008. Google ScholarDigital Library
- J. Gaisler, E. Catovic, M. Isomaki, K. Glembo, and S. Habinc. GRLIB IP Core User's Manual, 2008.Google Scholar
- E. Göktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-flow integrity. In IEEE Symposium on Security and Privacy, S&P '14, 2014. Google ScholarDigital Library
- M. Kayaalp, M. Ozsoy, N. Abu-Ghazaleh, and D. Ponomarev. Branch regulation: Low-overhead protection from code reuse attacks. In Annual International Symposium on Computer Architecture, ISCA '12, 2012. Google ScholarDigital Library
- V. Pappas, M. Polychronakis, and A. D. Keromytis. Transparent ROP exploit mitigation using indirect branch tracing. In USENIX conference on Security, SSYM'13, 2013. Google ScholarDigital Library
- J. Rattner. Extreme scale computing. ISCA Keynote, 2012.Google Scholar
- H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM Conf. on Computer and Communications Security, CCS '07, 2007. Google ScholarDigital Library
- C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, Ú. Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in GCC & LLVM. In USENIX conference on Security, SSYM'14, 2014. Google ScholarDigital Library
- Y. Xia, Y. Liu, H. Chen, and B. Zang. CFIMon: Detecting violation of control flow integrity using performance counters. In Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN '12, 2012. Google ScholarDigital Library
- M. Zhang and R. Sekar. Control flow integrity for COTS binaries. In USENIX conference on Security, SSYM'13, 2013. Google ScholarDigital Library
Index Terms
- HAFIX: hardware-assisted flow integrity extension
Recommendations
Detecting Insider Theft of Trade Secrets
Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Comments