DOI: 10.5555/2971808.2972083

SOFIA: software and control flow integrity architecture

Published: 14 March 2016

Abstract

Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor.

Cited By

  • (2017) LO-FAT. Proceedings of the 54th Annual Design Automation Conference 2017, DOI 10.1145/3061639.3062276, pp. 1-6. Online publication date: 18-Jun-2017
  • (2017) SCM. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, DOI 10.1145/3052973.3053044, pp. 771-776. Online publication date: 2-Apr-2017
  • (2016) PCFIRE. Proceedings of the 13th International Conference on Embedded Software, DOI 10.1145/2968478.2968492, pp. 1-10. Online publication date: 1-Oct-2016

Published In

DATE '16: Proceedings of the 2016 Conference on Design, Automation & Test in Europe
March 2016
1779 pages
ISBN:9783981537062
  • General Chair: Luca Fanucci
  • Program Chair: Jürgen Teich

Sponsors

  • IMEC
  • Systematic Paris-Region Systems & ICT Cluster
  • DREWAG
  • AENEAS
  • Technical University of Dresden
  • CMP: Circuits Multi Projets
  • PENTA
  • CISCO
  • OFFIS: Oldenburger Institut für Informatik
  • Goethe University Frankfurt

Publisher

EDA Consortium

San Jose, CA, United States
