Memory Protection through Dynamic Access Control

Current anomaly detection schemes focus on control flow monitoring. Recently, Chen et al. discovered that a large category of attacks tamper program data but do not alter control flows. These attacks are not only realistic, but are also as important as classical attacks tampering control flows. Detecting these attacks is a critical issue but has received little attention so far. In this work, we propose an intrusion detection scheme with both compiler and micro-architecture support detecting data tampering directly. The compiler first identifies program regions in which the data should not be modified as per program semantics. Then the compiler performs an analysis to determine the conditions for modification of variables in different program regions and conveys this information to the hardware and the hardware checks the data accesses based on the information. If the compiler asserts that the data should not be modified but there is an attempt to do so at runtime, an attack is detected. The compiler starts with a basic scheme achieving maximum data protection but such a scheme also suffers from high performance overhead. We then attempt to reduce the performance overhead through different optimization techniques. Our experiments show that our scheme achieves strong memory protection with tight control over the performance degradation. Thus, our major contribution is to provide an efficient scheme to detect data tampering while minimizing the overhead