HAFIX: Hardware-Assisted Flow Integrity eXtension

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical s...

Full description

Saved in:
Bibliographic Details
Published inProceedings - ACM IEEE Design Automation Conference pp. 1 - 6
Main Authors Davi, Lucas, Hanreich, Matthias, Paul, Debayan, Sadeghi, Ahmad-Reza, Koeberl, Patrick, Sullivan, Dean, Arias, Orlando, Jin, Yier
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2015
Subjects
Benchmark testing
Computer architecture
Hardware
Pipelines
Program processors
Random access memory
Registers
Online AccessGet full text
ISSN0738-100X
DOI10.1145/2744769.2744847

Cover

More Information
Summary:Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity Extension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel ® Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.
ISSN:0738-100X
DOI:10.1145/2744769.2744847