HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement

Nyman, Thomas and Dessouky, Ghada and Zeitouni, Shaza and Lehikoinen, Aaro and Paverd, Andrew and Asokan, N. and Sadeghi, Ahmad-Reza :
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement.
[Online edition: http://arxiv.org/abs/1705.10295]
In: Cryptography and Security, abs/1705.10295
[Article], (2017)

Official URL: http://arxiv.org/abs/1705.10295

Abstract

Widespread use of memory unsafe programming languages (e.g., C and C++) leaves many systems vulnerable to memory corruption attacks. A variety of defenses have been proposed to mitigate attacks that exploit memory errors to hijack the control flow of the code at run-time, e.g., (fine-grained) randomization or Control Flow Integrity. However, recent work on data-oriented programming (DOP) demonstrated highly expressive (Turing-complete) attacks, even in the presence of these state-of-the-art defenses. Although multiple real-world DOP attacks have been demonstrated, no efficient defenses are yet available. We propose run-time scope enforcement (RSE), a novel approach designed to efficiently mitigate all currently known DOP attacks by enforcing compile-time memory safety constraints (e.g., variable visibility rules) at run-time. We present HardScope, a proof-of-concept implementation of hardware-assisted RSE for the new RISC-V open instruction set architecture. We discuss our systematic empirical evaluation of HardScope which demonstrates that it can mitigate all currently known DOP attacks, and has a real-world performance overhead of 3.2% in embedded benchmarks.

Item Type: Article
Published: 2017
Creators: Nyman, Thomas and Dessouky, Ghada and Zeitouni, Shaza and Lehikoinen, Aaro and Paverd, Andrew and Asokan, N. and Sadeghi, Ahmad-Reza
Title: HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
Language: German
Journal or Publication Title: Cryptography and Security
Volume: abs/1705.10295
Uncontrolled Keywords: Primitives; P3; Solutions; S2
Divisions: Department of Computer Science
Department of Computer Science > System Security Lab
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Date Deposited: 15 Jan 2019 10:58