HardScope: Hardening Embedded Systems Against Data-Oriented Attacks

Thomas Nyman, Ghada Dessouky, Shaza Zeitouni, Aaro Lehikoinen, Andrew Paverd, N. Asokan, Ahmad-Reza Sadeghi

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

480 Downloads (Pure)

Abstract

Memory-unsafe programming languages like C and C++ leave many (embedded) systems vulnerable to attacks like control-flow hijacking. However, defenses against control-flow attacks, such as (fine-grained) randomization or control-flow integrity are in-effective against data-oriented attacks and more expressive Data-oriented Programming (DOP) attacks that bypass state-of-the-art defenses.

We propose run-time scope enforcement (RSE), a novel approach that efficiently mitigates all currently known DOP attacks by enforcing compile-time memory safety constraints like variable visibility rules at run-time. We present Hardscope, a proof-of-concept implementation of hardware-assisted RSE for RISC-V, and show it has a low performance overhead of 3.2% for embedded benchmarks.
Original languageEnglish
Title of host publicationProceedings of the 56th Annual Design Automation Conference 2019, DAC 2019
PublisherACM
Number of pages6
ISBN (Electronic)978-1-4503-6725-7
ISBN (Print)978-1-7281-2426-1
DOIs
Publication statusPublished - 2 Jun 2019
MoE publication typeA4 Conference publication
EventDesign Automation Conference - Las Vegas, United States
Duration: 2 Jun 20196 Jun 2019
Conference number: 56

Publication series

NameProceedings - Design Automation Conference
PublisherACM
ISSN (Electronic)0738-100X

Conference

ConferenceDesign Automation Conference
Country/TerritoryUnited States
CityLas Vegas
Period02/06/201906/06/2019

Fingerprint

Dive into the research topics of 'HardScope: Hardening Embedded Systems Against Data-Oriented Attacks'. Together they form a unique fingerprint.

Cite this