CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

RAGuard: A hardware based mechanism for backward-edge control-flow integrity

J. Zhang ; R. Hou ; J. Fan ; K. Liu ; L. Zhang ; Sally A McKee (Institutionen för data- och informationsteknik, Datorteknik (Chalmers))
14th ACM International Conference on Computing Frontiers, CF 2017, Siena, Italy, 15-17 May 2017 p. 27-34. (2017)
[Konferensbidrag, refereegranskat]

Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse attacks, which utilize benign code sequences to realize arbitrary computation. Cur rent approaches can efficiently protect Control-flow transfers caused by indirect jumps and function calls (forward-edge CFI). However, they cannot effectively protect Control-flow caused by the function return (backward-edge CFI). The reason is that the set of return addresses of the functions that are frequently called can be very large, which might bend the backward-edge CFI. We address this backward-edge CFI problem by proposing a novel hardware-assisted mechanism (RAGuard) that binds a message authentication code to each return address and enhances security via a physical unclonable function and a hardware hash function. The message authentication codes can be stored on the program stack with return address. RAGuard hardware automatically verifies the integrity of return addresses. Our experiments show that for a subset of the SPEC CPU2006 benchmarks, RAGuard incurs 1.86% runtime overheads on average with no need for OS support.

Nyckelord: Backward-edge control-flow integrity, Hardware hash function, Message authentication code, Physical unclonable function, Return address, Return oriented programming

Denna post skapades 2017-08-30.
CPL Pubid: 251503


Läs direkt!

Länk till annan sajt (kan kräva inloggning)

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Datorteknik (Chalmers)



Chalmers infrastruktur