Your browser does not support JavaScript!

Home    Search  

Results - Details

Search command : All Fields="Χρήστου"

Current Record: 3 of 9

Back to Results Previous page
Next page
Add to Basket
[Add to Basket]
Identifier 000413466
Title Architectural support for control fLow integrity
Alternative Title Αρχιτεκτονική υποστήριξη ακεραιότητας ροής εκτέλεσης
Author Χρήστου, Γεώργιος Χ.
Thesis advisor Μαρκάτος, Ευάγγελος
Reviewer Ιωαννίδης, Σωτήρης
Μπίλας, Άγγελος
Abstract Exploitation of software becomes more and more common, as computer systems span across many areas of our lives. Over the recent years, attacks on software become more sophisticated. Deployed countermeasures tend to not provide sufficient protection. Effective countermeasures require thorough checks which are computationally expensive. One such countermeasure is Control-Flow Integrity (CFI); a policy developed to defend against Control-flow hijacking, the principal method for code- reuse techniques like Return-oriented Programming (ROP) and Jump-oriented Programming (JOP). The community proposed CFI, a technique capable of preventing exploitation by verifying that every (indirect) control-flow transfer points to a legitimate address. Enabling CFI in real world systems is not straightforward, since in many cases the actual Control-flow Graph (CFG) of a program can be only approximated. Even in the case that there is perfect knowledge of the CFG, ensuring that all return instructions will return to their actual call sites, without employing a shadow stack, is questionable. On the other hand, the community has expressed concerns related to significant overheads stemming from deploying a shadow stack. In this work, we acknowledge the importance of pushing security in the hardware domain, in order to strengthen and accelerate security mechanisms. We project, that implementing a full-featured CFI-enabled Instruction Set Architecture (ISA) in actual hardware with an in-chip secure memory can be efficiently carried out and the prototype experiences negligible overheads. For supporting our case, we implement Control-Flow Integrity Extensions (CFIX) by modifying a SPARC SoC and evaluate the prototype on an FPGA board by running SPECInt benchmarks instrumented with a fine-grained CFI policy. The evaluation shows that CFIX can effectively protect applications from code-reuse attacks, while adding less than 1% runtime overhead and 2% power consumption overhead, making it particularly suitable for embedded systems.
Language English
Subject Embeded systems
Ενσωματωμένα συστήματα
Issue date 2017-03-17
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Permanent Link Bookmark and Share
Views 74

Digital Documents
No preview available

Download document
View document
Views : 4