Architectural support for software-based protection

@inproceedings{Budiu2006ArchitecturalSF,
  title={Architectural support for software-based protection},
  author={Mihai Budiu and {\'U}lfar Erlingsson and Mart{\'i}n Abadi},
  booktitle={ASID '06},
  year={2006}
}
Control-Flow Integrity (CFI) is a property that guarantees program control flow cannot be subverted by a malicious adversary, even if the adversary has complete control of data memory. We have shown in prior work how CFI can be enforced by using inlined software guards that perform safety checks. The first part of this paper shows how modest Instruction Set Architecture (ISA) support can replace such guard code with single instructions. On the foundation of CFI we have implemented XFI: a…
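The inlined-guard scheme the abstract refers to, as an added simulation written for this page (it is not code from the paper or from the authors' CFI/XFI implementation): code memory is modeled as a read-only table whose entries carry the label ID that CFI instrumentation embeds immediately before each indirect-call target, the function-pointer slot lives in attacker-writable data, and `cfi_guarded_call` plays the role of the guard code, or of the single ISA instruction the paper proposes to replace it. The `CODE` table, the function names and the label value `LABEL_INT_HANDLER` are assumptions made for the simulation.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simulation written for this page; not code from the paper
 * or from the authors' CFI/XFI implementation. Names and the label value
 * are assumptions. */

typedef int (*handler_fn)(int);

/* One entry of (read-only) code memory: the label ID that CFI
 * instrumentation embeds immediately before an indirect-call target,
 * followed by the code itself. A label of 0 means "not a valid target". */
typedef struct {
    uint32_t   label;
    handler_fn body;
} code_entry;

static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
/* Code the adversary wants to reach; never a legitimate target of the
 * dispatch site below (think: a gadget or a privileged routine). */
static int spawn_shell(int x) { (void)x; return 0x5EC; }

/* ID that static CFG analysis assigned to the equivalence class of
 * functions the dispatch site may call (assumed value). */
#define LABEL_INT_HANDLER 0x12345678u
#define CFI_VIOLATION     (-1)

/* Code memory is const: an adversary who owns all of data memory still
 * cannot forge a label, which is what the guard relies on. */
static const code_entry CODE[] = {
    { LABEL_INT_HANDLER, double_it   },   /* index 0 */
    { LABEL_INT_HANDLER, negate      },   /* index 1 */
    { 0,                 spawn_shell },   /* index 2 */
};
#define CODE_SIZE (sizeof CODE / sizeof CODE[0])

/* The inlined software guard. Before the transfer, compare the label found
 * at the destination with the ID expected at this call site and refuse the
 * transfer on mismatch. The single ISA instruction the paper proposes folds
 * this compare-and-trap into the indirect call itself. */
static int cfi_guarded_call(uint32_t expected_label, uintptr_t target, int arg)
{
    if (target >= CODE_SIZE)                  /* not code memory at all */
        return CFI_VIOLATION;
    if (CODE[target].label != expected_label) /* wrong label, or none */
        return CFI_VIOLATION;
    return CODE[target].body(arg);
}

/* The same transfer without a guard: only the bounds check a C program
 * might happen to have, which says nothing about the target's label. */
static int unguarded_call(uintptr_t target, int arg)
{
    if (target >= CODE_SIZE)
        return CFI_VIOLATION;
    return CODE[target].body(arg);
}

/* Attacker-writable data memory: the function-pointer slot that a
 * memory-corruption bug lets the adversary overwrite. */
struct request {
    char      name[8];
    uintptr_t handler;   /* index into CODE */
};

/* Performs the dispatch once; `guarded` selects the CFI-checked path. */
int dispatch(const struct request *r, int guarded, int arg)
{
    return guarded ? cfi_guarded_call(LABEL_INT_HANDLER, r->handler, arg)
                   : unguarded_call(r->handler, arg);
}

int main(void)
{
    struct request r = { "double", 0 };
    printf("benign, guarded:   %d\n", dispatch(&r, 1, 21));

    /* Adversary with full control of data memory redirects the slot
     * to code that is inside the table but carries no valid label. */
    r.handler = 2;
    printf("attack, unguarded: %d (0x5EC: reached spawn_shell)\n", dispatch(&r, 0, 21));
    printf("attack, guarded:   %d (CFI_VIOLATION)\n", dispatch(&r, 1, 21));

    /* A wild value: points at data, or into the middle of a function. */
    r.handler = 7;
    printf("wild, guarded:     %d (CFI_VIOLATION)\n", dispatch(&r, 1, 21));
    return 0;
}
```

Two things the simulation makes visible: the guard is only sound because the labels sit in memory the adversary cannot write (in the original scheme, in non-writable code pages), and the expected ID is a per-call-site constant known at instrumentation time, which is exactly what makes it cheap to encode as an immediate operand of a dedicated instruction.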


Hardware control flow integrity
TLDR
This chapter specifies a CFI model that captures many known CFI techniques, including stateless and stateful approaches as well as fine-grained and coarse-grained CFI policies, and designs and implements a novel hardware-enhanced CFI.
HCFI: Hardware-enforced Control-Flow Integrity
TLDR
This paper acknowledges the importance of a shadow stack for supporting and strengthening any CFI policy, and shows that a full-featured CFI-enabled Instruction Set Architecture (ISA) with in-chip secure memory can be implemented efficiently in actual hardware; the prototype experiences negligible overheads.
A Formal Model for Capability Machines
TLDR
A formal model of the CHERI architecture is provided with the aim of formal reasoning about the security guarantees that can be offered by the features of CHERI, and it is proved that capabilities are unforgeable in this model.
Control-flow integrity principles, implementations, and applications
TLDR
Control-flow integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
RAGuard: A Hardware Based Mechanism for Backward-Edge Control-Flow Integrity
TLDR
This work proposes a novel hardware-assisted mechanism (RAGuard) that binds a message authentication code to each return address and enhances security via a physical unclonable function and a hardware hash function.
RAGuard
TLDR
RAGuard is proposed, an efficient and user-transparent hardware-based approach to prevent Return-Oriented Programming attacks that binds a message authentication code (MAC) to each return address to protect its integrity.
An Efficient Hardware Support for Control Data Validation
TLDR
This work proposes a new hardware mechanism to accelerate CFI validation, utilizes the branch prediction unit of modern processors to reduce the frequency of necessary validation, and proposes a small hardware structure called the indirect branch filter cache (IBF cache) to further reduce the frequency of validation.
CFIMon: Detecting violation of control flow integrity using performance counters
TLDR
CFIMon is the first non-intrusive system that can detect and reason about a variety of attacks violating control flow integrity without any changes to applications or requiring special-purpose hardware.
Micro-Policies: Formally Verified, Tag-Based Security Monitors
TLDR
This work proposes a methodology for defining and reasoning about tag-based reference monitors in terms of a high-level "symbolic machine" and uses this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety.
Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity
TLDR
This paper presents a generic hardware-enhanced CFI scheme that fully supports multi-tasking and shared libraries, prevents various forms of code-reuse attacks, and allows CFI-protected code and legacy code to co-exist.

References

Showing 1-10 of 26 references
Control-flow integrity
TLDR
Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
XFI: software guards for system address spaces
TLDR
This work has implemented XFI for Windows on the x86 architecture using binary rewriting and a simple, stand-alone verifier; the implementation's correctness depends on the verifier, but not on the rewriter.
Secure program execution via dynamic information flow tracking
TLDR
This work presents a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead and is transparent to users or application programmers.
Minos: Control Data Attack Prevention Orthogonal to Memory Model
J. Crandall, F. Chong. 37th International Symposium on Microarchitecture (MICRO-37'04), 2004.
TLDR
A microarchitectural implementation of Minos is presented that achieves negligible impact on cycle time with a small investment in die area, and minor changes to the Linux kernel to handle the tag bits and perform virtual memory swapping.
A Hardware-Software Platform for Intrusion Prevention
M. Drinic, D. Kirovski. 37th International Symposium on Microarchitecture (MICRO-37'04), 2004.
TLDR
A novel, simplified, hardware-assisted intrusion prevention platform that overlaps program execution with MAC verification, together with an optimization technique that identifies instructions likely to stall execution and reorders basic blocks within a given instruction block to minimize the execution overhead.
Securing software by enforcing data-flow integrity
TLDR
An efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead is described and can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.
A Theory of Secure Control Flow
TLDR
This paper develops the basic theory that underlies two practical techniques for CFI enforcement, with precise formulations of hypotheses and guarantees.
Efficient software-based fault isolation
TLDR
It is demonstrated that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
Efficient and flexible architectural support for dynamic monitoring
TLDR
The intelligent watcher (iWatcher) is introduced, a novel architectural scheme to monitor dynamic execution automatically, flexibly, and with minimal overhead, and can optionally leverage thread-level speculation (TLS).
Anomalous path detection with hardware support
TLDR
This paper proposes a hardware-based approach to dynamically verify the execution paths of target applications and detect anomalous executions. It offers multiple advantages over software-based solutions, including minor performance degradation, much stronger detection capability, and zero-latency reaction upon an anomaly for near-real-time detection, and thus much better security.