Projekte pro Jahr
Abstract
Physically exposed embedded devices used in the IoT or automotive area are frequently targeted by fault attacks. Mitigating this threat is crucial as such attacks can be used to hijack the control-flow and bypass secure boot, gain arbitrary code execution, or retrieve sensitive information. However, control-flow integrity (CFI), which aims to be an effective countermeasure thwarting fault induced control-flow hijacking attacks, do not protect addresses, allowing an attacker to still hijack the control-flow of indirect branches. To counteract unwanted bit flips, data encoding schemes are frequently used to add redundancy to these addresses. However, as software-based data encoding schemes yield large runtime overheads, encoding schemes typically require custom CPU changes, which are not feasible for off-the-shelf systems. Hence, software-based address redundancy schemes for commodity devices are needed to thwart fault attacks on indirect branches. In this paper, we utilize the ARM pointer authentication feature of recent ARM architectures to efficiently protect the target addresses of indirect calls. In addition to the address protection, we further enhance the state update function of existing CFI schemes to protect the link between indirect control-flow transfers. To demonstrate how these defense mechanisms improve the protection of state-of-the-art CFI countermeasures, we integrate our address encoding and linking strategy into a previously introduced CFI scheme. We further extend a LLVM-based toolchain to automatically thwart fault attacks on indirect branches without user interaction. Our analysis shows an negligible overhead of less than 2.34% on average for protecting target addresses of indirect branches and the link between indirect branches for SPEC2017.
Originalsprache | englisch |
---|---|
Titel | Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021 |
Seiten | 68-79 |
Seitenumfang | 12 |
ISBN (elektronisch) | 9781665413572 |
DOIs | |
Publikationsstatus | Veröffentlicht - 2021 |
Veranstaltung | 2021 IEEE International Symposium on Hardware Oriented Security and Trust: HOST 2021 - Washington DC, USA / Vereinigte Staaten Dauer: 12 Dez. 2021 → 15 Dez. 2021 http://www.hostsymposium.org/ |
Publikationsreihe
Name | Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021 |
---|
Konferenz
Konferenz | 2021 IEEE International Symposium on Hardware Oriented Security and Trust |
---|---|
Kurztitel | HOST 2021 |
Land/Gebiet | USA / Vereinigte Staaten |
Ort | Washington DC |
Zeitraum | 12/12/21 → 15/12/21 |
Internetadresse |
ASJC Scopus subject areas
- Sicherheit, Risiko, Zuverlässigkeit und Qualität
- Hardware und Architektur
- Computernetzwerke und -kommunikation
Fingerprint
Untersuchen Sie die Forschungsthemen von „Protecting Indirect Branches against Fault Attacks using ARM Pointer Authentication“. Zusammen bilden sie einen einzigartigen Fingerprint.Projekte
- 1 Abgeschlossen
-
EU - SOPHIA - Absicherung von Software gegen Physische Angriffe
1/09/16 → 31/08/21
Projekt: Forschungsprojekt