Hardware-assisted fine-grained control-flow integrity: Towards efficient protection of embedded systems against software exploitation

Proceedings - Design Automation Conference

Volumn , Issue , 2014, Pages

  Davi, Lucas ^a   Koeberl, Patrick ^a   Sadeghi, Ahmad Reza ^a  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER AIDED DESIGN; EMBEDDED SYSTEMS;

CONTROL-FLOW INTEGRITIES; EFFICIENT PROTECTIONS; HARDWARE-ASSISTED; RESOURCE CONSTRAINT; SECURITY HARDWARE; STATE MODELING; TRANSFER CONTROL; WEARABLE DEVICES;

HARDWARE;

EID: 84903161773     PISSN: 0738100X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2593069.2596656     Document Type: Conference Paper

References (20)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-ow integrity: Principles, implementations, and applications. ACM Trans. Inf. Syst. Secur., 13(1), 2009.
2. P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. Preventing memory error exploits with WIT. In IEEE Symposium on Security and Privacy, S&P '08, 2008.
3. Aleph One. Smashing the stack for fun and profit. Phrack Magazine, 49(14), 1996.
4. M. Budiu, U. Erlingsson, and M. Abadi. Architectural support for software-based protection. In Workshop on Architectural and System Support for Improving Software Dependability, ASID '06, 2006.
5. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In ACM Conference on Computer and Communications Security, CCS '10, 2010.
6. L. Davi, A. Dmitrienko, M. Egele, T. Fischer, T. Holz, R. Hund, S. Nurnberger, and A.-R. Sadeghi. MoCFI: A framework to mitigate control-ow attacks on smartphones. In Network and Distributed System Security Symposium, NDSS '12, 2012.
7. J. DeMott. Bypassing EMET 4.1. http://labs. bromium.com/2014/02/24/ bypassing-emet-4-1/, 2014.
8. E. Goktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-ow integrity. In IEEE Symposium on Security and Privacy, S&P '14, 2014.
9. T. H. Jannik Pewny. Control-ow restrictor: Compiler-based CFI for iOS. In Annual Computer Security Applications Conference, ACSAC '13, 2013.
10. A. K. Kanuparthi, J. Rajendran, M. Zahran, and R. Karri. Dynamic sequence checking of programs to detect code reuse attacks. Technical report, 2013. http://isis.poly.edu/~arun/tvlsi.pdf.
11. P. Kocher, R. Lee, G. McGraw, and A. Raghunathan. Security as a new dimension in embedded system design. In Annual Design Automation Conference, DAC '04, 2004.
12. V. Pappas, M. Polychronakis, and A. D. Keromytis. Transparent ROP exploit mitigation using indirect branch tracing. In USENIX conference on Security, SSYM'13, 2013.
13. J. Pincus and B. Baker. Beyond stack smashing: Recent advances in exploiting buffer overruns. IEEE Security and Privacy, 2(4), July 2004.
14. J. Rattner. Extreme scale computing. ISCA Keynote, 2012.
15. S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady. Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst., 3(3), Aug. 2004.
16. H. Shacham. The geometry of innocent esh on the bone: Return-into-libc without function calls (on the x86). In ACM Conf. on Computer and Communications Security, CCS '07, 2007.
17. K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A.-R. Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In IEEE Symposium on Security and Privacy, S&P '13, 2013.
18. Y. Xia, Y. Liu, H. Chen, and B. Zang. CFIMon: Detecting violation of control ow integrity using performance counters. In Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN '12, 2012.
19. M. Zhang and R. Sekar. Control ow integrity for COTS binaries. In USENIX conference on Security, SSYM'13, 2013.
20. T. Zhang, X. Zhuang, S. Pande, and W. Lee. Anomalous path detection with hardware support. In Proceedings of the 2005 International Conference on Compilers, Architectures and Synthesis for Embedded Systems, CASES '05, 2005.