On Architectural Support for Instruction Set Randomization
ACM Transactions on Architecture and Code Optimization (IF 1.5), Pub Date: 2020-11-10, DOI: 10.1145/3419841
George Christou¹, Giorgos Vasiliadis¹, Vassilis Papaefstathiou¹, Antonis Papadogiannakis², Sotiris Ioannidis³

Instruction Set Randomization (ISR) protects against remote code injection attacks by randomizing the instruction set of each process: even if an attacker succeeds in injecting code, it fails to execute on the randomized processor. The majority of existing ISR implementations are based on emulators and binary instrumentation tools that unfortunately (i) incur significant runtime performance overheads, (ii) limit the ease of deployment, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts that bypass the ISR protection itself. To address these issues, we present the design and implementation of ASIST, an architecture with both hardware and operating system support for ISR. ASIST uses our extended SPARC processor, which is mapped onto an FPGA board and runs our modified Linux kernel to support the new features. In particular, before executing a new user-level process, the operating system loads its randomization key into a newly defined register, and the modified processor decodes the process's instructions with this key. In addition, ASIST uses a separate randomization key for the operating system, protecting the base system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges. Our evaluation shows that ASIST can transparently protect both user-land applications and the operating system kernel from code injection and code reuse attacks, with about 1.5% runtime overhead when using simple encryption schemes such as XOR and Transposition; more secure ciphers such as AES, even though they are much more complicated to map to hardware, stay within acceptable margins, with approximately 10% runtime overhead, when the spatial locality of code is efficiently leveraged through modern instruction cache configurations.
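As an added illustration (not code from the paper or the ASIST implementation), the following C simulation models the mechanism the abstract describes using the XOR scheme: the kernel encodes each process image with its key at load time, the key register is reloaded per process (and the kernel keeps its own key), and the processor decodes between fetch and execute, so injected plaintext code or code encoded under a different key decodes to illegal opcodes. The toy ISA, opcodes, key values and sample program are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy ISA constructed for this example (not ASIST's SPARC encoding): opcode in bits 31..24, immediate in bits 23..0. */
enum { OP_LOADI = 0x01, OP_ADD = 0x02, OP_HALT = 0x03 };
enum { CPU_OK = 0, CPU_ILLEGAL_INSN = 1 };
#define USER_KEY   0xA5A5A5A5u /* constructed per-process key */
#define KERNEL_KEY 0x3C3C3C3Cu /* constructed, separate kernel key */
/* The key register is written only by the kernel, once per context switch. */
typedef struct { uint32_t isr_key; uint32_t acc; } cpu_t;
/* Kernel side: XOR-encode a process image with its key when it is loaded. */
static void isr_encode_image(uint32_t *text, size_t n, uint32_t key) {
    for (size_t i = 0; i < n; i++) text[i] ^= key;
}

/* Hardware side: decoding sits between fetch and execute, so only code that
 * was encoded under the key currently in the register yields valid opcodes. */
static int run(cpu_t *cpu, const uint32_t *text, size_t n) {
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t insn = text[pc] ^ cpu->isr_key;
        uint32_t op = insn >> 24, imm = insn & 0xFFFFFFu;
        switch (op) {
        case OP_LOADI: cpu->acc = imm; break;
        case OP_ADD:   cpu->acc += imm; break;
        case OP_HALT:  return CPU_OK;
        default:       return CPU_ILLEGAL_INSN; /* illegal-instruction trap */
        }
    }
    return CPU_OK;
}

/* Encode the sample program under image_key (0 = never encoded, i.e. injected
 * plaintext), then execute it with reg_key loaded in the key register. */
int exec_under(uint32_t image_key, uint32_t reg_key, uint32_t *acc_out) {
    uint32_t text[] = { 0x01000005u, 0x02000007u, 0x03000000u }; /* LOADI 5; ADD 7; HALT */
    isr_encode_image(text, 3, image_key);
    cpu_t cpu = { reg_key, 0 };
    int st = run(&cpu, text, 3);
    *acc_out = cpu.acc;
    return st;
}
int main(void) {
    uint32_t acc, junk;
    int st = exec_under(USER_KEY, USER_KEY, &acc);
    printf("own key: status %d, acc %u\n", st, (unsigned)acc);
    printf("injected plaintext: %d, user image under kernel key: %d\n",
           exec_under(0, USER_KEY, &junk), exec_under(USER_KEY, KERNEL_KEY, &junk));
    return 0;
}
```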

Updated: 2020-11-10