Leveraging microarchitectural side channel information to efficiently enhance program control flow integrity

Detailed bibliography
Published in: 2014 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS): October 12-17, 2014, Jaypee Greens Golf and Spa Resort, New Delhi, India, pp. 1-9
Main authors: Chen Liu, Chengmo Yang, Yuanqi Shen
Format: Conference paper
Language: English
Publisher details: ACM, 01.10.2014
Description
Summary: Stack buffer overflow is a serious security threat to program execution. A malicious attacker may overwrite the return address of a procedure to alter its control flow and hence change its functionality. While a number of hardware and/or software based protection schemes have been developed, these counter-measures introduce sizable overhead in performance and energy, thus limiting their applicability to embedded systems. To reduce such overhead, our goal is to develop a low-cost scheme to "filter out" potential stack buffer overflow attacks. Our observation is that attacks to control flow will trigger certain microarchitectural events, such as mis-predictions in the return address stack or misses in the instruction cache. We therefore propose a hardware-based scheme to monitor these events. Only upon detecting any suspicious behavior, a more precise but costly diagnosis scheme will be invoked to thoroughly check control flow integrity. Meanwhile, to further reduce the rate of false positives of the security filter, we propose three enhancements to the return address stack, instruction prefetch engine and instruction cache, respectively. The results show that these enhancements effectively reduce more than 95% of false positives with almost no false negatives introduced.
DOI:10.1145/2656075.2656092