RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns
IEEE Security and Privacy
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Proceedings of the 12th ACM conference on Computer and communications security
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Backwards-compatible array bounds checking for C with very low overhead
Proceedings of the 28th international conference on Software engineering
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
ACM SIGARCH Computer Architecture News
Raksha: a flexible information flow architecture for software security
Proceedings of the 34th annual international symposium on Computer architecture
StackGhost: Hardware facilitated stack protection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Securing software by enforcing data-flow integrity
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Hardbound: architectural support for spatial safety of the C programming language
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Code injection attacks on harvard-architecture devices
Proceedings of the 15th ACM conference on Computer and communications security
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the 2009 ACM workshop on Scalable trusted computing
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Return-oriented rootkits: bypassing kernel code integrity protection mechanisms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
Architectural support for low overhead detection of memory violations
Proceedings of the Conference on Design, Automation and Test in Europe
G-Free: defeating return-oriented programming through gadget-less binaries
Proceedings of the 26th Annual Computer Security Applications Conference
Automatic construction of jump-oriented programming shellcode (on the x86)
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Jump-oriented programming: a new class of code-reuse attack
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
SIFT: a low-overhead dynamic information flow tracking architecture for SMT processors
Proceedings of the 8th ACM International Conference on Computing Frontiers
Q: exploit hardening made easy
SEC'11 Proceedings of the 20th USENIX conference on Security
Control flow integrity for COTS binaries
SEC'13 Proceedings of the 22nd USENIX conference on Security
Transparent ROP exploit mitigation using indirect branch tracing
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Code reuse attacks (CRAs) are recent security exploits that allow attackers to execute arbitrary code on a compromised machine. CRAs, exemplified by return-oriented and jump-oriented programming approaches, reuse fragments of the library code, thus avoiding the need for explicit injection of attack code on the stack. Since the executed code is reused existing code, CRAs bypass current hardware and software security measures that prevent execution from data or stack regions of memory. While software-based full control flow integrity (CFI) checking can protect against CRAs, it includes significant overhead, involves non-trivial effort of constructing a control flow graph, relies on proprietary tools and has potential vulnerabilities due to the presence of unintended branch instructions in architectures such as x86---those branches are not checked by the software CFI. We propose branch regulation (BR), a lightweight hardware-supported protection mechanism against the CRAs that addresses all limitations of software CFI. BR enforces simple control flow rules in hardware at the function granularity to disallow arbitrary control flow transfers from one function into the middle of another function. This prevents common classes of CRAs without the complexity and run-time overhead of full CFI enforcement. BR incurs a slowdown of about 2% and increases the code footprint by less than 1% on the average for the SPEC 2006 benchmarks.