Toward Hardware-assisted Run-time Protection

Software defects, such as buffer overflows, are prominent enablers of cyberattacks in programs written in memory-unsafe programming languages. As a consequence, vulnerable software programs can be exploited by a sophisticated adversary through run-time attacks to trigger program actions never intended by the software developer, and even to gain unauthorized access to the computer system. For example, the adversary can corrupt memory references (pointers) to program code stored in memory to hijack the flow of execution, and redirect the processor to execute instructions chosen by the adversary. Such control-flow attacks can be particularly devastating, as they can allow arbitrary code execution, and grant complete control of a victim system to an adversary. Recently, data-oriented attacks have been shown to enable equally expressive attacks, without violating the integrity of control-flows within the victim program. Over the past thirty years, there has been an ever-escalating arms race between increasingly sophisticated attacks and defenses to thwart them. Software-only defenses that retrofit programs written in C and C++ with memory-safety or control-flow integrity (CFI) guarantees can be effective against large classes of attacks but are prohibitively expensive. Recently, there have also been significant advances by both researchers and practitioners in understanding and defending against run-time attacks, especially those that attempt to defeat CFI. Practical defenses against run-time attacks must consider how to trade-off security, performance and deployability. The goal of this dissertation is to investigate how hardware-assisted defenses can protect against run-time attacks without incurring a significant performance penalty. Hardware-assisted defenses have been shown to drastically improve the efficiency of attack detection but face various deployment challenges, such as requiring 1) invasive changes to the underlying processor architecture or system software stack, and 2) overly-restrictive security policies, which have difficulties dealing with the inherent flexibility of C and C++, leading to compatibility issues with existing software. In particular the work described in this dissertation provides advances in the following reserch topics: 1) adapting hardware-assisted defenses for embedded systems, including low-end microcontrollers (MCUs), where the challenges for deployment are amplified, 2) remotely attesting the control-flow to learn about run-time attacks, and the dynamic behaviour of an embedded device, and 3) showing how hardware-assisted defenses can defend against attacks that defeat CFI. Finally, I present my own observations about the state-of-the-art and practice in hardware-assisted run-time defenses, and discuss potential directions for future research.