TU Darmstadt / ULB / TUbiblio

HAFIX: Hardware-Assisted Flow Integrity Extension

Arias, Orlando and Davi, Lucas and Hanreich, Matthias and Jin, Yier and Koeberl, Patrick and Paul, Debayan and Sadeghi, Ahmad-Reza and Sullivan, Dean (2015):
HAFIX: Hardware-Assisted Flow Integrity Extension.
In: 52nd Design Automation Conference (DAC),
[Conference or Workshop Item]

Abstract

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of \hwcfi\ for the Intel Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Item Type: Conference or Workshop Item
Erschienen: 2015
Creators: Arias, Orlando and Davi, Lucas and Hanreich, Matthias and Jin, Yier and Koeberl, Patrick and Paul, Debayan and Sadeghi, Ahmad-Reza and Sullivan, Dean
Title: HAFIX: Hardware-Assisted Flow Integrity Extension
Language: German
Abstract:

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of \hwcfi\ for the Intel Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Title of Book: 52nd Design Automation Conference (DAC)
Uncontrolled Keywords: ICRI-SC;Secure Things; Solutions; S2
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Date Deposited: 04 Aug 2016 10:13
Identification Number: TUD-CS-2015-0039
Corresponding Links:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details