
Doctoral theses

Identifier 000460298
Title Hardware-assisted security mechanisms for memory vulnerabilities
Alternative Title Architecturally supported security mechanisms for memory vulnerabilities
Author Χρήστου, Γεώργιος Χ
Thesis advisor Ιωαννίδης, Σωτήρης
Reviewer Μαρκάτος, Ευάγγελος
Παπαευσταθίου, Βασίλης
Μπίλας, Άγγελος
Βασιλειάδης, Γεώργιος
Πρατικάκης, Πολύβιος
Βασιλάκης, Νίκος
Abstract Security is essential in today’s computing systems. Nearly every aspect of modern life is associated with computing devices. This trend is not expected to slow down in the near future; on the contrary, it is expected to continue expanding. Thus, it is important to ensure that modern systems are secure against cyber-threats, especially considering that computing devices are responsible even for life-critical tasks (e.g., medical devices, smart cars, etc.). Security relies on checking various conditions during an application’s execution as well as on various computations over the application’s memory (e.g., hashing, cryptography, etc.). A plethora of effective security mechanisms has been designed and implemented solely in software. However, the additional security checks and operations are not cheap and cause runtime performance overhead as well as increased power consumption. In an effort to reduce the imposed overheads, relaxed and lightweight security variations of these strategies have been proposed, but they often prove ineffective and easy to bypass with new, more sophisticated exploitation techniques. Researchers and industry providers strive to find the golden ratio between security and overall functionality of the system. This is not an easy task, and it has long been proven that effective strategies relying only on software often fail to achieve both of these goals. Modern CPUs introduce progressively more architectural extensions which aim to accelerate certain heavy operations. Thus, one could argue that pushing parts of security mechanisms into the hardware domain is a promising approach for offering strong security guarantees with minimal runtime overhead. In this dissertation, we explore the design of hardware-assisted security mechanisms in order to protect systems against common exploitation techniques. Our work can be divided into two categories of mechanisms.
First, we utilize architectural extensions already present in commodity off-the-shelf hardware, even if they were not originally designed for security purposes. Second, we design and implement our own hardware extensions that aim to enhance the performance of promising security strategies which were originally implemented solely in software. The techniques we explored prevent memory-related vulnerabilities from escalating to successful exploitation of the system. In summary, we present a lightweight main memory encryption mechanism that leverages widely available cryptographic accelerators and MMU components in order to prevent attackers with physical access from disclosing sensitive data. We then explore intra-process isolation by leveraging hardware-assisted user-level memory partitioning in order to preserve memory safety in managed runtime environments when libraries written in non-memory-safe (or non-type-safe) languages are loaded. Furthermore, we design and implement cryptographically resistant, architecturally assisted Instruction Set Randomization in order to prevent Code Injection and Code Reuse attacks. Finally, we design and implement a complete, policy-agnostic, Control Flow Graph based Control Flow Integrity instruction set, and we discuss how we adapted our work in order to form the specification for CFI in the RISC-V architecture. The evaluation of our work and the tendency of CPU providers to include architectural extensions for security verify that our approach is promising for defending against the ever-expanding threat landscape.
Language English
Subject Architecture
Systems security
Issue date 2023-12-01
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Doctoral theses
  Type of Work--Doctoral theses
Permanent Link https://elocus.lib.uoc.gr//dlib/f/f/4/metadata-dlib-1699859975-360277-31602.tkl