TU Darmstadt / ULB / TUbiblio

HAFIX: Hardware-Assisted Flow Integrity Extension

Arias, Orlando ; Davi, Lucas ; Hanreich, Matthias ; Jin, Yier ; Koeberl, Patrick ; Paul, Debayan ; Sadeghi, Ahmad-Reza ; Sullivan, Dean :
HAFIX: Hardware-Assisted Flow Integrity Extension.
52nd Design Automation Conference (DAC)
[Konferenz- oder Workshop-Beitrag], (2015)

Kurzbeschreibung (Abstract)

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of \hwcfi\ for the Intel Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2015
Autor(en): Arias, Orlando ; Davi, Lucas ; Hanreich, Matthias ; Jin, Yier ; Koeberl, Patrick ; Paul, Debayan ; Sadeghi, Ahmad-Reza ; Sullivan, Dean
Titel: HAFIX: Hardware-Assisted Flow Integrity Extension
Sprache: Deutsch
Kurzbeschreibung (Abstract):

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of \hwcfi\ for the Intel Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Buchtitel: 52nd Design Automation Conference (DAC)
Freie Schlagworte: ICRI-SC;Secure Things;S2
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 04 Aug 2016 10:13
ID-Nummer: TUD-CS-2015-0039
Verwandte URLs:
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen