Title :
A Memory-Access Validation Scheme against Payload Injection Attacks
Author :
Dongkyun Ahn ; Gyungho Lee
Author_Institution :
Intel Corp, Santa Clara, CA, USA
Abstract :
The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attack. In spite of the various forms of protection against malicious attacks exploiting spurious data, adversaries have been successful in circumventing such protection. This paper proposes a memory-access validation scheme that manages information on spurious data at the granularity of the cache line size. A validation unit based on the proposed scheme answers queries from other components in the processor so that spurious data can be blocked before control flow diversion. We describe the design of this validation unit as well as its integration into the memory hierarchy of a modern processor and assess its memory requirement and performance impact with two simulators. The experimental results show that our scheme is able to detect synthesized payload injection attacks and to manage taint information with a moderate memory overhead under an acceptable performance impact.
Keywords :
cache storage; data protection; query processing; virtual storage; cache line size granularity; control flow diversion; data piece authenticity; information management; malicious attacks; memory hierarchy integration; memory overhead; memory-access validation scheme; processor; query answering scheme; software attack; spurious data protection; synthesized payload injection attack detection; virtual memory; Arrays; Kernel; Memory management; Payloads; Registers; Runtime; Virtual memory; security;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2014.2355844