HardScope: Run-time variable scope enforcement as a defense against data-oriented programming attacks



Title: HardScope: Run-time variable scope enforcement as a defense against data-oriented programming attacks
Author: Lehikoinen, Aaro
Contributor: University of Helsinki, Faculty of Science
Thesis level: master's thesis
Abstract: Memory errors exist in software written in memory-unsafe languages like C. They introduce severe vulnerabilities in software. Vulnerabilities may even be exploited by attackers over the Internet and sometimes they can be used to gain complete control of computer systems. Exploitation of memory errors is usually not trivial, but requires building an attack that corrupts the memory carefully to achieve the attacker’s goal. Multiple defenses against memory attacks exist and modern systems have complete defenses in place against certain attack classes. All defenses cannot be applied to all systems, and they do not protect against all possible attacks. Data-Oriented Programming (DOP) attacks are a new class of attacks that utilize the target program’s existing code to perform malicious operations. DOP differs from other attacks like Return-Oriented Programming (ROP) by avoiding control-flow violations, making it impossible to prevent with control-flow defenses. We analyze existing DOP attacks and determine that their expressiveness in real-world programs requires violating C variable visibility rules. We introduce Run-time Scope Enforcement (RSE), a defense that enforces variable visibility rules at run time. In this thesis, we introduce HardScope, our hardware-assisted implementation of RSE. HardScope has an instrumentation engine that instruments C programs with code that maintains variable visibility rules during execution. The run-time platform is based on RISC-V and consists of instruction set extensions and new processor logic that performs the enforcement. Evaluation shows that HardScope has low performance overhead and that it defends against existing DOP attacks.
URI: URN:NBN:fi:hulib-201804131675
Date: 2018-04-16
Discipline: Computer science



There are no files associated with this item.
