Title :
HAFIX: Hardware-Assisted Flow Integrity eXtension
Author :
Davi, Lucas ; Hanreich, Matthias ; Paul, Debayan ; Sadeghi, Ahmad-Reza ; Koeberl, Patrick ; Sullivan, Dean ; Arias, Orlando ; Jin, Yier
Author_Institution :
Tech. Univ., Darmstadt, Germany
Abstract :
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity Extension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel® Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.
Keywords :
data protection; software reusability; HAFIX; Intel Siskiyou Peak; ROP; SPARC embedded system architectures; backward edges; code-reuse attacks; code-reuse protection; control-flow integrity instantiations; hardware-assisted flow integrity extension; processor architectures; return-oriented programming; Benchmark testing; Computer architecture; Hardware; Pipelines; Program processors; Random access memory; Registers;
Conference_Titel :
Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE
Conference_Location :
San Francisco, CA
DOI :
10.1145/2744769.2744847
