Leveraging microarchitectural side channel information to efficiently enhance program control flow integrity


Bibliographic Details
Published in: 2014 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS), October 12-17, 2014, Jaypee Greens Golf and Spa Resort, New Delhi, India, pp. 1-9
Main Authors: Chen Liu, Chengmo Yang, Yuanqi Shen
Format: Conference Proceeding
Language: English
Published: ACM 01.10.2014
Description
Summary: Stack buffer overflow is a serious security threat to program execution. A malicious attacker may overwrite the return address of a procedure to alter its control flow and hence change its functionality. While a number of hardware- and/or software-based protection schemes have been developed, these countermeasures introduce sizable overhead in performance and energy, thus limiting their applicability to embedded systems. To reduce such overhead, our goal is to develop a low-cost scheme to "filter out" potential stack buffer overflow attacks. Our observation is that attacks on control flow will trigger certain microarchitectural events, such as mis-predictions in the return address stack or misses in the instruction cache. We therefore propose a hardware-based scheme to monitor these events. Only upon detecting suspicious behavior is a more precise but costly diagnosis scheme invoked to thoroughly check control flow integrity. Meanwhile, to further reduce the false-positive rate of the security filter, we propose three enhancements, to the return address stack, the instruction prefetch engine and the instruction cache, respectively. The results show that these enhancements effectively remove more than 95% of false positives while introducing almost no false negatives.
DOI: 10.1145/2656075.2656092