Using Name Confusion to Enhance Security
arXiv - CS - Hardware Architecture. Pub Date: 2019-11-05, DOI: arxiv-1911.02038
Mohamed Tarek Ibn Ziad, Miguel A. Arroyo, Evgeny Manzhosov, Vasileios P. Kemerlis, Simha Sethumadhavan

We introduce a novel concept, called Name Confusion, and demonstrate how it can be employed to thwart multiple classes of code-reuse attacks. By building upon Name Confusion, we derive the Phantom Name System (PNS): a security protocol that provides multiple names (addresses) to program instructions. Unlike the conventional model of virtual memory with a one-to-one mapping between instructions and virtual memory addresses, PNS creates N mappings for the same instruction, and randomly switches between them at runtime. PNS achieves fast randomization, at the granularity of basic blocks, which mitigates a class of attacks known as (just-in-time) code-reuse. If an attacker uses a memory safety-related vulnerability to cause any of the instruction addresses to be different from the one chosen during a fetch, the exploited program will crash. We quantitatively evaluate how PNS mitigates real-world code-reuse attacks by reducing the success probability of typical exploits to approximately $10^{-12}$. We implement PNS and validate it by running the SPEC CPU2017 benchmark suite. We further verify its practicality by adding it to a RISC-V core on an FPGA. Lastly, PNS is mainly designed for resource-constrained (wimpy) devices and has negligible performance overhead, compared to commercially available, state-of-the-art, hardware-based protections.
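The following is an added example, not code from the paper or its authors: a simplified probability model of the crash-on-mismatch behaviour the abstract describes, showing how the chance that a code-reuse chain survives shrinks with the number of names per block and the number of hijacked transfers. The address layout, the values of N and the chain lengths are assumptions chosen for illustration; the abstract gives none of them, and this is not how the paper derives its $10^{-12}$ figure.

```python
import secrets

STRIDE = 1 << 20  # assumed distance between the names of one block (constructed)

def names_for(block_id, n_names):
    """All n_names addresses of one basic block in this toy layout."""
    base = 0x10000 + block_id * 0x40
    return [base + i * STRIDE for i in range(n_names)]

def chain_survives(chain_len, n_names, guess=0):
    """Model one run of a chain of chain_len hijacked control transfers.

    For every transfer the runtime picks one name of the target block at
    random. The injected address was fixed in advance, so it can match
    only one name; any mismatch is modelled as a crash.
    """
    for block_id in range(chain_len):
        names = names_for(block_id, n_names)
        chosen = names[secrets.randbelow(n_names)]  # name selected at fetch time
        injected = names[guess]                     # address placed by the corrupted data
        if injected != chosen:
            return False
    return True

def closed_form(n_names, chain_len):
    """Survival probability when every transfer is an independent 1/N guess."""
    return float(n_names) ** -chain_len

def estimate(n_names, chain_len, trials=20000):
    """Monte Carlo estimate of the same probability."""
    wins = sum(chain_survives(chain_len, n_names) for _ in range(trials))
    return wins / trials

def min_chain_len(n_names, target):
    """Shortest chain whose survival probability is at or below target."""
    k = 0
    while closed_form(n_names, k) > target:
        k += 1
    return k

if __name__ == "__main__":
    for n, k in [(2, 3), (4, 3)]:
        print(f"N={n} k={k}: simulated {estimate(n, k):.4f}, exact {closed_form(n, k):.4f}")
    for n in (2, 4, 8):
        print(f"N={n}: chain of {min_chain_len(n, 1e-12)} transfers is at or below 1e-12")
```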

Updated: 2020-08-28