10 Hits in 1.5 sec

HDFI: Hardware-Assisted Data-Flow Isolation

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung Paek
2016 2016 IEEE Symposium on Security and Privacy (SP)  
In this paper, we present hardware-assisted data-flow isolation, or, HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient.  ...  HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with an additional tag that is defined by dataflow.  ...  To overcome these limitations, we propose hardware-assisted data-flow isolation (HDFI), a new fine-grained data isolation mechanism.  ... 
doi:10.1109/sp.2016.9 dblp:conf/sp/SongMAYLKLP16 fatcat:ludpja4munaybeq7owpvy5b2fq

Toward Taming the Overhead Monster for Data-Flow Integrity [article]

Lang Feng, Jiayi Huang, Jeff Huang, Jiang Hu
2021 arXiv   pre-print
Accordingly, a hardware-assisted parallel approach is proposed to tackle the overhead challenge.  ...  Data-Flow Integrity (DFI) is a well-known approach to effectively detecting a wide range of software attacks.  ...  However, it requires to check a large volume of data and thus intrinsically entails huge performance overhead. We propose a hardware-assisted parallel approach to address this challenge.  ... 
arXiv:2102.10031v1 fatcat:p3soagzyazdsff3vme6ynlcsru

MicroStache: A Lightweight Execution Context for In-Process Safe Region Isolation [chapter]

Lucian Mogosanu, Ashay Rane, Nathan Dautenhahn
2018 Lecture Notes in Computer Science  
Unlike alternative hardware, MicroStache implements a simple microarchitectural memory segmentation scheme while integrating it with paging, and also extends the safe region abstraction to isolate data  ...  Unfortunately, frequent mixing of safe and unsafe operations stresses memory isolation mechanisms.  ...  Comparison With HDFI: Song et al. [41] propose fine-grained memory isolation through a hardware element called hardware-assisted data-flow isolation (HDFI).  ... 
doi:10.1007/978-3-030-00470-5_17 fatcat:l6mtbpq4b5g3xkuufhwu76u7bq


Thomas Nyman, Ghada Dessouky, Shaza Zeitouni, Aaro Lehikoinen, Andrew Paverd, N. Asokan, Ahmad-Reza Sadeghi
2019 Proceedings of the 56th Annual Design Automation Conference 2019 on - DAC '19  
However, defenses against control-flow attacks, such as (finegrained) randomization or control-flow integrity are ineffective against data-oriented attacks and more expressive Data-oriented Programming  ...  We present Hardscope, a proof-of-concept implementation of hardware-assisted RSE for RISC-V, and show it has a low performance overhead of 3.2% for embedded benchmarks.  ...  HardScope can also enforce memory isolation at coarser or finer granularity, to enable different memory protection strategies.  ... 
doi:10.1145/3316781.3317836 dblp:conf/dac/NymanDZLPAS19 fatcat:vonypstip5f7jht3njvpnh4c6i

Exploitation Techniques and Defenses for Data-Oriented Attacks [article]

Long Cheng and Hans Liljestrand and Thomas Nyman and Yu Tsung Lee and Danfeng Yao and Trent Jaeger and N. Asokan
2019 arXiv   pre-print
Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity.  ...  PT only traces control flows, thus, is generally believed to be not useful for data-oriented security.  ...  Hardware-Assisted Data-flow Isolation (HDFI) [46] extends the RISC-V architecture to provide an instruction-level isolation by tagging each machine word in memory (also known as the tag-based memory  ... 
arXiv:1902.08359v2 fatcat:zruorpddjfblnhfiaqmym3frbm

PAC it up: Towards Pointer Integrity using ARM Pointer Authentication [article]

Hans Liljestrand, Thomas Nyman, Kui Wang, Carlos Chinea Perez, Jan-Erik Ekberg, N. Asokan
2019 arXiv   pre-print
In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity.  ...  The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasures against specific  ...  The authors thank Kostya Serebryany and Rémi Denis-Courmont for interesting discussions and Zaheer Gauhar for implementation assistance.  ... 
arXiv:1811.09189v4 fatcat:vscgjhjdmnbxlble56qebrnnxi

HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement [article]

Thomas Nyman, Ghada Dessouky, Shaza Zeitouni, Aaro Lehikoinen, Andrew Paverd, N. Asokan, Ahmad-Reza Sadeghi
2018 arXiv   pre-print
We present HardScope, a proof-of-concept implementation of hardware-assisted RSE for the new RISC-V open instruction set architecture.  ...  A variety of defenses have been proposed to mitigate attacks that exploit memory errors to hijack the control flow of the code at run-time, e.g., (fine-grained) randomization or Control Flow Integrity.  ...  ACKNOWLEDGEMENTS The authors would also like to extend their thanks the Aalto University Secure Systems Group interns Kesara Gamlath and Rangana De Silva who provided assistance in the efforts to realize  ... 
arXiv:1705.10295v2 fatcat:u4e56ergbffc7bbcvv6l3qvga4

SoK: Hardware Security Support for Trustworthy Execution [article]

Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur, David Lie
2019 arXiv   pre-print
This has given birth to a plethora of hardware mechanisms providing trusted execution environments (TEEs), support for integrity checking and memory safety and widespread uses of hardware roots of trust  ...  In recent years, there have emerged many new hardware mechanisms for improving the security of our computer systems.  ...  Software-hardware collaboration usually involves a monitoring component that assists the local hardware for policy/metadata management.  ... 
arXiv:1910.04957v1 fatcat:5luczjg34ve67nm73xso5xhzx4

On digital forensic readiness in the cloud using a distributed agent-based solution: issues and challenges

Victor R. Kebande, H.S. Venter
2016 Australian Journal of Forensic Sciences  
This is done to isolate the virtual resource spaces from further potential attacks. Data Volatility Once the VM is shut down, PDE is lost.  ...  This environment is complex for it consists of numerous applications, VMs and hardware. The data is also organised in distributed and scalable fashion.  ... 
doi:10.1080/00450618.2016.1194473 fatcat:x4hq2cjqtzbqrcyszm5gouylry

Repurposing Software Defenses with Specialized Hardware

Kanad Sinha
to existing hardware microarchitecture.  ...  One way to mitigate this problem is to complement these defenses in hardware.  ...  . • Isolated Execution.  ... 
doi:10.7916/d8-e6tc-kr63 fatcat:5mmez4ypdzfqffukip6xzaotve