Hard Edges: Hardware-Based Control-Flow Integrity for Embedded Devices
نویسندگان
چکیده
Control-Flow Integrity (CFI) is a popular technique to defend against State-of-the-Art exploits, by ensuring that every (indirect) control-flow transfer points legitimate address and it part of the Control-flow Graph (CFG) program. Enabling CFI in real systems not straightforward, since many cases actual CFG program can only be approximated. Even case where there perfect knowledge CFG, all return instructions will their call sites, without employing shadow stack, questionable.In this work, we explore implementation full-featured CFI-enabled Instruction Set Architecture (ISA) on hardware. Our new provide finest possible granularity for both intra-function inter-function Integrity. We implement hardware-based (HCFI) modifying SPARC SoC evaluate prototype an FPGA board running SPECInt benchmarks instrumented with fine-grained policy. HCFI effectively protect applications from code-reuse attacks, while adding less than 1% average runtime 2% power consumption overhead, making particularly suitable embedded systems.
منابع مشابه
A survey of Hardware-based Control Flow Integrity (CFI)
Control Flow Integrity (CFI) is a computer security technique that detects runtime attacks by monitoring a program’s branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal is to evaluate the security, limitations, hardware cost, performance, and practicality of using these policies. We show that many a...
متن کاملHCIC: Hardware-assisted Control-flow Integrity Checking
Recently, code reuse attacks (CRAs), such as returnoriented programming (ROP) and jump-oriented programming (JOP), have emerged as a new class of ingenious security threatens. Attackers can utilize CRAs to hijack the control flow of programs to perform malicious actions without injecting any codes. Many defenses, classed into software-based and hardwarebased, have been proposed. However, softwa...
متن کاملTowards Adaptive Networking for Embedded Devices based on Reconfigurable Hardware
Research in communication networks has shown that the Internet architecture is not sufficient for modern communication areas such as the interconnection networks of super computing centers or sensor and mobile networks. Stringent requirements with respect to performance, cost, and power consumption paired with an increasing demand for flexibility ask for run-time optimization of the computing a...
متن کاملOEI: Operation Execution Integrity for Embedded Devices
We formulate a new security property, called “Operation Execution Integrity” or OEI, tailored for embedded devices. Inspired by the operation-oriented design of embedded programs and considering the limited hardware capabilities of embedded devices, OEI attestation enables selective and practical verification of both control-flow integrity and critical-variable integrity for an operation being ...
متن کاملAbstracting Hardware Devices to Embedded Java Applications
ING HARDWARE DEVICES TO EMBEDDED JAVA APPLICATIONS Mateus Krepsky Ludwich Laboratory for Software and Hardware Integration – LISHA Federal University of Santa Catarina – UFSC P.O.Box 476, 880400900 Florianópolis SC – Brazil [email protected] Antônio Augusto Fröhlich Laboratory for Software and Hardware Integration – LISHA Federal University of Santa Catarina – UFSC P.O.Box 476, 880400900 Flo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2022
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-031-04580-6_18