Publikationen
Publikationen
Art der Publikation: Beitrag in Sammelwerk
HAFIX: Hardware-Assisted Flow Integrity Extension - Best Paper
- Autor(en):
- Arias, Orlando; Davi, Lucas; Hanreich, Matthias; Jin, Yier; Koeberl, Patrick; Paul, Debayan; Sadeghi, Ahmad-Reza; Sullivan, Dean
- Titel des Sammelbands:
- Proc. of 52nd Design Automation Conference (DAC)
- Veröffentlichung:
- 2015
- Digital Object Identifier (DOI):
- doi:10.1145/2744769.2744847
- Link zum Volltext:
- https://dl.acm.org/authorize?N28650
- Zitation:
- Download BibTeX
Kurzfassung
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.