Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity

Proceedings - Design Automation Conference

Volumn 05-09-June-2016, Issue , 2016, Pages

  Sullivan, Dean ^a   Arias, Orlando ^a   Davi, Lucas ^b   Larsen, Per ^c   Sadeghi, Ahmad Reza ^b   Jin, Yier ^a  

^a UNIVERSITY OF CENTRAL FLORIDA   (United States)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^c UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); COMPUTER AIDED DESIGN; HARDWARE;

CODE REUSE; COMPUTING PLATFORM; CONTROL-FLOW INTEGRITIES; HIGH-EFFICIENCY; LEGACY CODE; SECURITY WEAKNESS; SHARED LIBRARIES; SOFTWARE AND HARDWARES;

RECONFIGURABLE HARDWARE;

EID: 84977156835     PISSN: 0738100X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2897937.2898098     Document Type: Conference Paper

References (26)

1. SPARC International Inc. SPARC V8 processor. http://www.sparc.org
2. The embedded microprocessor benchmark consortium: EEMBC benchmark suite. http://www.eembc.org
3. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-ow integrity: Principles, implementations, and applications. In Proceedings of the 12th ACM Conference on Computer and Communications Secu-rity, CCS'05, 2005
4. W. Arthur, S. Madeka, R. Das, and T. Austin. Locking down insecure indirection with hardware-based controldata isolation. In Proceedings of the 48th International Symposium on Microarchitecture, pages 115-127. ACM, 2015
5. M. Budiu, U. Erlingsson, and M. Abadi. Architectural support for software-based protection. In Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability, ASID'06, pages 42-51, 2006
6. N. Carlini, A. Barresi, M. Payer, D. Wagner, and T. R. Gross. Control-ow bending: On the eéctiveness of control-ow integrity. In Proceedings of the 24th USENIX Security Symposium, 2015
7. N. Carlini and D. Wagner. ROP is still dangerous: Breaking modern defenses. In Proceedings of the 23rd USENIX Security Symposium, 2014
8. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS'10, 2010
9. Y. Cheng, Z. Zhou, Y. Miao, X. Ding, and R. H. Deng. ROPecker: A generic and practical approach for defending against ROP attacks. In Proceedings of the 21st Annual Network and Distributed System Security Sym-posium, NDSS'14, 2014
10. M. Conti, S. Crane, L. Davi, M. Franz, P. Larsen, M. Negro, C. Liebchen, M. Qunaibit, and A.-R. Sadeghi. Losing control: On the eéctiveness of control-ow integrity under stack attacks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 952-963. ACM, 2015
11. T. H. Dang, P. Maniatis, and D. Wagner. The performance cost of shadow stacks and stack canaries. In Proceedings of the 10th ACM Symposium on Informa-tion, Computer and Communications Security, pages 555-566. ACM, 2015
12. L. Davi, M. Hanreich, D. Paul, A.-R. Sadeghi, P. Koeberl, D. Sullivan, O. Arias, and Y. Jin. HAFIX: Hardware-Assisted Flow Integrity Extension. In Pro-ceedings of the 52nd Annual Design Automation Con-ference, page 74. ACM, 2015
13. L. Davi, D. Lehmann, A.-R. Sadeghi, and F. Monrose. Stitching the gadgets: On the ineéctiveness of coarsegrained control-ow integrity protection. In Proceedings of the 23rd USENIX Security Symposium, 2014
14. E. Goktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-ow integrity. In Proceedings of the 35th IEEE Symposium on Security and Privacy, SP'14, 2014
15. M. Kayaalp, T. Schmitt, J. Nomani, D. Ponomarev, and N. Abu Ghazaleh. Signature-based protection from code reuse attacks. Computers, IEEE Transactions on, 64(2):533-546, 2015
16. Microsoft. Data execution prevention (DEP), 2006
17. V. Pappas, M. Polychronakis, and A. D. Keromytis. Transparent ROP exploit mitigation using indirect branch tracing. In Proceedings of the 22nd USENIX Security Symposium, 2013
18. G. Research. LEON3 synthesizable processor
19. R. Roemer, E. Buchanan, H. Shacham, and S. Savage. Return-oriented programming: Systems, languages, and applications. ACM Trans. Inf. Syst. Secur., 15(1):2:1-2:34, 2012
20. F. Schuster, T. Tendyck, C. Liebchen, L. Davi, A.-R. Sadeghi, and T. Holz. Counterfeit object-oriented programming: On the dificulty of preventing code reuse attacks in C++ applications. In Proceedings of the 36th IEEE Symposium on Security and Privacy, SP'15, 2015. To appear
21. K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A.-R. Sadeghi. Just-in-time code reuse: On the eéctiveness of fine-grained address space layout randomization. In Proceedings of the 34th IEEE Symposium on Security and Privacy, SP'13, 2013. Received the Best Student Paper Award
22. C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, U. Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-ow integrity in GCC &LLVM. In Proceedings of the 23rd USENIX Security Sympo-sium, 2014
23. M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning. On the expressiveness of return-intolibc attacks. In Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection, RAID'11, 2011
24. F. Yao, J. Chen, and G. Venkataramani. Jop-alarm: Detecting jump-oriented programming-based anomalies in applications. In Computer Design (ICCD), 2013 IEEE 31st International Conference on, pages 467-470. IEEE, 2013
25. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 30th IEEE Sympo-sium on Security and Privacy, SP'09, 2009
26. C. Zhang, T.Wei, Z. Chen, L. Duan, L. Szekeres, S. Mc-Camant, D. Song, and W. Zou. Practical control ow integrity &randomization for binary executables. In Proceedings of the 34th IEEE Symposium on Security and Privacy, SP'13, 2013