DOI: 10.1145/1736020.1736062 (ASPLOS conference proceedings, research article)

Orthrus: efficient software integrity protection on multi-cores

Published: 13 March 2010

ABSTRACT

This paper proposes an efficient hardware/software system that significantly enhances software security through diversified replication on multi-cores. Recent studies show that a large class of software attacks can be detected by running multiple versions of a program simultaneously and checking the consistency of their behaviors. However, executing multiple replicas incurs significant overheads on today's computing platforms, especially with the fine-grained comparisons necessary for high security. Orthrus exploits similarities in automatically generated replicas to enable simultaneous execution of those replicas with minimal overheads: the architecture reduces memory and bandwidth overheads by compressing multiple memory spaces together, and reduces additional power consumption and silicon area by eliminating redundant computations. Utilizing the hardware architecture, Orthrus implements a fine-grained memory layout diversification with the LLVM compiler and can detect corruptions in both pointers and critical data. Experiments indicate that the Orthrus architecture incurs minimal overheads and provides protection against a broad range of attacks.
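The detection principle behind the abstract (the same input fed to replicas whose memory layouts differ, followed by a consistency check on critical data) can be illustrated with a small simulation. This is an added example written for this page, not code from the Orthrus project; the two-variant layouts, the 64-byte frame, the field names and the constructed inputs are all assumptions, and the replicas run sequentially here rather than on separate cores.

```python
from dataclasses import dataclass

WORD = 8  # size of a pointer-sized field in the simulated frame


@dataclass
class Variant:
    """One replica: a flat byte array plus its own stack-frame layout.

    Each layout maps a field name to (offset, size); the replicas hold the same
    logical fields, but at different offsets, which is the diversification.
    """
    name: str
    layout: dict
    mem: bytearray

    def write(self, field, data):
        off, _size = self.layout[field]
        # Unchecked copy that models a C buffer write with no bounds check:
        # data longer than the field spills into whatever the layout places next.
        self.mem[off:off + len(data)] = data

    def read_word(self, field):
        off, size = self.layout[field]
        return int.from_bytes(self.mem[off:off + size], "little")


def make_variants(buf_size=16):
    """Two replicas of one frame: variant A puts the pointer right after the
    buffer; variant B places it below the buffer behind padding (constructed)."""
    a = Variant("A", {"buf": (0, buf_size), "fptr": (buf_size, WORD)}, bytearray(64))
    b = Variant("B", {"fptr": (0, WORD), "pad": (8, 24), "buf": (32, buf_size)}, bytearray(64))
    for v in (a, b):
        v.write("fptr", (0x401000).to_bytes(WORD, "little"))  # constructed code address
    return a, b


def run_replicas(variants, payload):
    """Feed identical input to every replica, then compare the critical datum.

    Benign input leaves the pointer identical in all replicas; an overflow
    corrupts it in some layouts but not others, so the replicas disagree and
    the divergence is reported instead of being trusted.
    """
    for v in variants:
        v.write("buf", payload)
    observed = {v.name: v.read_word("fptr") for v in variants}
    consistent = len(set(observed.values())) == 1
    return consistent, observed
```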

