TY - GEN
T1 - A memory access validation scheme against payload injection attacks
AU - Ahn, Dongkyun
AU - Lee, Gyungho
PY - 2012
Y1 - 2012
N2 - The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attacks. In spite of various features against malicious attacks exploiting spurious data, adversaries have been successful in circumventing such protections. This paper proposes a memory access validation scheme that manages information on spurious data at the granularity of cache line size. A validation unit based on the proposed scheme answers queries from other components in the processor so that spurious data can be blocked before control flow diversion. We describe the design of this validation unit as well as its integration into the memory hierarchy of a modern processor and assess its memory requirement and performance impact with two simulators. The experimental results show that our scheme is able to detect the synthesized payload injection attacks and to manage taint information with moderate memory overhead under acceptable performance impact.
KW - Code injection attack
KW - Information flow tracking
KW - Memory access validation
KW - Return-oriented programming
KW - Return-to-libc attack
UR - http://www.scopus.com/inward/record.url?scp=84867865856&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-33338-5_6
DO - 10.1007/978-3-642-33338-5_6
M3 - Conference contribution
AN - SCOPUS:84867865856
SN - 9783642333378
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 107
EP - 126
BT - Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings
T2 - 15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012
Y2 - 12 September 2012 through 14 September 2012
ER -