Projects per year
Abstract
Physically exposed embedded devices used in the IoT or automotive area are frequently targeted by fault attacks. Mitigating this threat is crucial as such attacks can be used to hijack the control-flow and bypass secure boot, gain arbitrary code execution, or retrieve sensitive information. However, control-flow integrity (CFI), which aims to be an effective countermeasure thwarting fault induced control-flow hijacking attacks, do not protect addresses, allowing an attacker to still hijack the control-flow of indirect branches. To counteract unwanted bit flips, data encoding schemes are frequently used to add redundancy to these addresses. However, as software-based data encoding schemes yield large runtime overheads, encoding schemes typically require custom CPU changes, which are not feasible for off-the-shelf systems. Hence, software-based address redundancy schemes for commodity devices are needed to thwart fault attacks on indirect branches. In this paper, we utilize the ARM pointer authentication feature of recent ARM architectures to efficiently protect the target addresses of indirect calls. In addition to the address protection, we further enhance the state update function of existing CFI schemes to protect the link between indirect control-flow transfers. To demonstrate how these defense mechanisms improve the protection of state-of-the-art CFI countermeasures, we integrate our address encoding and linking strategy into a previously introduced CFI scheme. We further extend a LLVM-based toolchain to automatically thwart fault attacks on indirect branches without user interaction. Our analysis shows an negligible overhead of less than 2.34% on average for protecting target addresses of indirect branches and the link between indirect branches for SPEC2017.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021 |
Pages | 68-79 |
Number of pages | 12 |
ISBN (Electronic) | 9781665413572 |
DOIs | |
Publication status | Published - 2021 |
Event | 2021 IEEE International Symposium on Hardware Oriented Security and Trust: HOST 2021 - Washington DC, United States Duration: 12 Dec 2021 → 15 Dec 2021 http://www.hostsymposium.org/ |
Publication series
Name | Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021 |
---|
Conference
Conference | 2021 IEEE International Symposium on Hardware Oriented Security and Trust |
---|---|
Abbreviated title | HOST 2021 |
Country/Territory | United States |
City | Washington DC |
Period | 12/12/21 → 15/12/21 |
Internet address |
Keywords
- addresses
- ARM pointer authentication
- control-flow integrity
- fault attacks
- indirect branches
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Hardware and Architecture
- Computer Networks and Communications
Fingerprint
Dive into the research topics of 'Protecting Indirect Branches against Fault Attacks using ARM Pointer Authentication'. Together they form a unique fingerprint.Projects
- 1 Finished
-
EU - SOPHIA - Securing Software against Physical Attacks
Mangard, S. (Co-Investigator (CoI))
1/09/16 → 31/12/21
Project: Research project