Abstract
Heterogeneous Chip Multiprocessors have been shown to provide significant performance and energy efficiency gains over homogeneous designs. Recent research has expanded the dimensions of heterogeneity to include diverse Instruction Set Architectures, called Heterogeneous-ISA Chip Multiprocessors. This work leverages such an architecture to realize substantial new security benefits, and in particular, to thwart Return-Oriented Programming. This paper proposes a novel security defense called HIPStR -- Heterogeneous-ISA Program State Relocation -- that performs dynamic randomization of run-time program state, both within and across ISAs. This technique outperforms the state-of-the-art just-in-time code reuse (JIT-ROP) defense by an average of 15.6%, while simultaneously providing greater security guarantees against classic return-into-libc, ROP, JOP, brute force, JIT-ROP, and several evasive variants.
HIPStR: Heterogeneous-ISA Program State Relocation
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems