RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks

doi:10.1145/3280852

	RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks
	Zhang, Jun 1,2; Hou, Rui 3,6; Song, Wei 3,6; Mckee, Sally A.4; Jia, Zhen 5; Zheng, Chen 5; Chen, Mingyu 5; Zhang, Lixin 5; Meng, Dan 3,6
	2019
发表期刊	ACM TRANSACTIONS ON ARCHITECTURE AND CODE OPTIMIZATION
ISSN	1544-3566
卷号	15 期号:4 页码:21
摘要	Control-flow integrity (CFI) is a general method for preventing code-reuse attacks, which utilize benign code sequences to achieve arbitrary code execution. CFI ensures that the execution of a program follows the edges of its predefined static Control-Flow Graph: any deviation that constitutes a CFI violation terminates the application. Despite decades of research effort, there are still several implementation challenges in efficiently protecting the control flow of function returns (Return-Oriented Programming attacks). The set of valid return addresses of frequently called functions can be large and thus an attacker could bend the backward-edge CFI by modifying an indirect branch target to another within the valid return set. This article proposes RAGuard, an efficient and user-transparent hardware-based approach to prevent Return-Oreiented Programming attacks. RAGuard binds a message authentication code (MAC) to each return address to protect its integrity. To guarantee the security of the MAC and reduce runtime overhead: RAGuard (1) computes the MAC by encrypting the signature of a return address with AES-128, (2) develops a key management module based on a Physical Unclonable Function (PUF) and a True Random Number Generator (TRNG), and (3) uses a dedicated register to reduce MACs' load and store operations of leaf functions. We have evaluated our mechanism based on the open-source LEON3 processor and the results show that RAGuard incurs acceptable performance overhead and occupies reasonable area.
关键词	Code-reuse attacks return-oriented programming attacks message authentication code AES-128 key management PUF
DOI	10.1145/3280852
收录类别	SCI
语种	英语
资助项目	China National Science Fund for Excellent Young Scholars[61522212] ; National Key RD Plan[2017YFB1001602] ; Chinese Academy of Science[QYZDB-SSW-JSC010] ; CAS Pioneer Hundred Talents Program ; National Natural Science Foundation of China (NSFC)[61521092] ; National Natural Science Foundation of China (NSFC)[61502459] ; Frontier Science Research Projects
WOS研究方向	Computer Science
WOS类目	Computer Science, Hardware & Architecture ; Computer Science, Theory & Methods
WOS记录号	WOS:000457136000011
出版者	ASSOC COMPUTING MACHINERY
引用统计
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/3431
专题	中国科学院计算技术研究所期刊论文_英文
通讯作者	Hou, Rui; Meng, Dan
作者单位	1.Chinese Acad Sci, ICT, State Key Lab Comp Architecture, Beijing, Peoples R China 2.Hubei Univ Arts & Sci, Xiangyang 441053, Peoples R China 3.Chinese Acad Sci, Inst Informat Engn, State Key Lab Informat Secur, Beijing, Peoples R China 4.Clemson Univ, Elect & Comp Engn, Clemson, SC 29630 USA 5.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China 6.Chinese Acad Sci, Inst Informat Engn, Beijing 100190, Peoples R China
推荐引用方式 GB/T 7714	Zhang, Jun,Hou, Rui,Song, Wei,et al. RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks[J]. ACM TRANSACTIONS ON ARCHITECTURE AND CODE OPTIMIZATION,2019,15(4):21.
APA	Zhang, Jun.,Hou, Rui.,Song, Wei.,Mckee, Sally A..,Jia, Zhen.,...&Meng, Dan.(2019).RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks.ACM TRANSACTIONS ON ARCHITECTURE AND CODE OPTIMIZATION,15(4),21.
MLA	Zhang, Jun,et al."RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks".ACM TRANSACTIONS ON ARCHITECTURE AND CODE OPTIMIZATION 15.4(2019):21.