Abstract

The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attack. In spite of the various forms of protection against malicious attacks exploiting spurious data, adversaries have been successful in circumventing such protection. This paper proposes a memory-access validation scheme that manages information on spurious data at the granularity of the cache line size. A validation unit based on the proposed scheme answers queries from other components in the processor so that spurious data can be blocked before control flow diversion. We describe the design of this validation unit as well as its integration into the memory hierarchy of a modern processor and assess its memory requirement and performance impact with two simulators. The experimental results show that our scheme is able to detect synthesized payload injection attacks and to manage taint information with a moderate memory overhead under an acceptable performance impact.

Highlights

  • Motivation: Since their debut, computers and the Internet have become an indispensable part of the infrastructure of modern society.

  • It is impossible for a software module to arbitrarily put certain cache lines into the L1 instruction cache without accessing those lines for an instruction fetch. This means that the only way to mount a viable attack with existing cache lines is to craft a payload that accesses only the instructions stored in the L1 instruction cache. We argue that this attack vector is highly unlikely because of several operational limitations: (a) instruction execution is frequently disrupted by interrupts and exceptions, and the processor core flushes cache lines before and/or after resolving those events; (b) cache lines are frequently evicted from the L1 cache by replacement policies such as LRU, so how long a cache line remains in the cache is unknown; (c) at the software level it is impossible to know which cache lines are stored in the L1 cache.

  • We choose a two-Translation Lookaside Buffer (TLB) structure – an instruction TLB (ITLB) and a data TLB (DTLB) – as our target architectural component because these TLBs are transparent to the software level and because we found that hit-miss statuses in both TLBs represent instruction fetch attempts for modified memory page frames as follows


Summary


As individuals and organizations become more dependent on computers and the Internet to create, manage, and share their resources efficiently, computer security issues are of increasing significance in every corner of our lives. This thesis addresses threats from payload injection attacks at the architectural level by leveraging existing hardware techniques. In order to use these components for protection, the thesis clarifies the practical issues in distinguishing legitimate miss events from those caused by malicious attacks and in integrating the supporting mechanisms into multi-tasking environments. Based on these observations, we propose a memory-access validation scheme against payload injection attacks. The scheme consists of two parts: the validation unit and the taint-status data. The validation unit handles queries from other processor components, namely the cache structure and the branch predictor, and validates suspicious control-flow redirections by consulting the active taint-status data set. Experimental results with two simulators show that the proposed validation scheme detects simulated payload injection attacks with negligible to moderate performance degradation.
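To make the two parts of the scheme concrete, the following added model (not code from the thesis or its simulators) keeps taint-status data as one bit per cache line and answers the validation queries that the cache or branch predictor would raise on a control-flow redirection. Line size (64 bytes), memory size (1 MiB) and the sample addresses are assumptions chosen for the illustration; the last scenario shows the false-positive cost of cache-line granularity, which a per-byte scheme would not incur.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed parameters (not from the paper): 64-byte lines, 1 MiB of memory. */
#define LINE_SHIFT 6
#define MEM_SIZE   (1u << 20)
#define NUM_LINES  (MEM_SIZE >> LINE_SHIFT)

/* Taint-status data: one bit per cache line. A set bit means the line was
 * filled from an untrusted source and has not been vetted since. */
static uint8_t taint[NUM_LINES / 8];
static void set_bit(uint32_t l) { taint[l >> 3] |= (uint8_t)(1u << (l & 7)); }
static void clr_bit(uint32_t l) { taint[l >> 3] &= (uint8_t)~(1u << (l & 7)); }
static bool get_bit(uint32_t l) { return (taint[l >> 3] >> (l & 7)) & 1u; }

/* Mark or clear every line overlapped by the byte range [addr, addr+len). */
static void mark_range(uint32_t addr, uint32_t len, bool tainted) {
    if (len == 0 || addr >= MEM_SIZE) return;
    uint32_t end = (len - 1 < MEM_SIZE - addr) ? addr + len - 1 : MEM_SIZE - 1;
    for (uint32_t l = addr >> LINE_SHIFT; l <= (end >> LINE_SHIFT); l++) {
        if (tainted) set_bit(l); else clr_bit(l);
    }
}

/* Untrusted write (e.g. a network buffer fill): taint the lines it touches. */
void taint_write(uint32_t addr, uint32_t len)   { mark_range(addr, len, true); }
/* Trusted loader installs or re-vets code: clear the lines' taint. */
void untaint_range(uint32_t addr, uint32_t len) { mark_range(addr, len, false); }

/* Query from the branch predictor / instruction cache on a control-flow
 * redirection: true means the target sits in a tainted line and the fetch
 * must be blocked before the injected payload can execute. */
bool validate_target(uint32_t target) {
    return target < MEM_SIZE && get_bit(target >> LINE_SHIFT);
}

/* Memory overhead of the taint store: 1 bit per 64 B, i.e. 1/512 of memory. */
size_t taint_bytes(void) { return sizeof taint; }

int main(void) {
    untaint_range(0x1000, 0x1000);   /* constructed: legitimate code page   */
    taint_write(0x2000, 300);        /* constructed: attacker-filled buffer */
    printf("jump to 0x1010 blocked: %d\n", validate_target(0x1010)); /* 0 */
    printf("jump to 0x2100 blocked: %d\n", validate_target(0x2100)); /* 1 */
    /* Granularity cost: one untrusted byte at 0x3001 taints all of line
     * 0x3000-0x303F, so legitimate code at 0x3020 is blocked until re-vetted. */
    taint_write(0x3001, 1);
    printf("jump to 0x3020 blocked: %d\n", validate_target(0x3020)); /* 1 */
    printf("taint store: %zu bytes\n", taint_bytes());               /* 2048 */
    return 0;
}
```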

