| Field | Content |
|---|---|
| Author | Nyman, Thomas; Dessouky, Ghada; Zeitouni, Shaza; Lehikoinen, Aaro; Paverd, Andrew; Asokan, N.; Sadeghi, Ahmad-Reza |
| Abstract | Widespread use of memory-unsafe programming languages (e.g., C and C++) leaves many systems vulnerable to memory corruption attacks. A variety of defenses have been proposed to mitigate attacks that exploit memory errors to hijack the control flow of the code at run-time, e.g., (fine-grained) randomization or Control Flow Integrity. However, recent work on data-oriented programming (DOP) demonstrated highly expressive (Turing-complete) attacks, even in the presence of these state-of-the-art defenses. Although multiple real-world DOP attacks have been demonstrated, no efficient defenses are yet available. We propose run-time scope enforcement (RSE), a novel approach designed to efficiently mitigate all currently known DOP attacks by enforcing compile-time memory safety constraints (e.g., variable visibility rules) at run-time. We present HardScope, a proof-of-concept implementation of hardware-assisted RSE for the new RISC-V open instruction set architecture. We discuss our systematic empirical evaluation of HardScope, which demonstrates that it can mitigate all currently known DOP attacks and has a real-world performance overhead of 3.2% in embedded benchmarks. |