PACStack: an Authenticated Call Stack

Hans Liljestrand, Thomas Nyman, Lachlan J Gunn, Jan-Erik Ekberg, N. Asokan

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussaConference contributionScientificvertaisarvioitu

Abstrakti

A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return address manipulation. Shadow stacks record return addresses in integrity-protected memory secured with hardware-assistance or software access control. Software shadow stacks incur high overheads or trade off security for efficiency. Hardware-assisted shadow stacks are efficient and secure, but require the deployment of special-purpose hardware.
We present authenticated call stack (ACS), an approach that uses chained message authentication codes (MACs). Our prototype, PACStack, uses the ARM general purpose hardware mechanism for pointer authentication (PA) to implement ACS. Via a rigorous security analysis, we show that PACStack achieves security comparable to hardware-assisted shadow stacks without requiring dedicated hardware. We demonstrate that PACStack's performance overhead is small (~3%).
AlkuperäiskieliEnglanti
OtsikkoProceedings of the 30th USENIX Security Symposium
KustantajaUSENIX -The Advanced Computing Systems Association
Sivumäärä18
ISBN (elektroninen)978-1-939133-24-3
TilaJulkaistu - elok. 2020
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaUSENIX Security Symposium - Virtual, Online
Kesto: 11 elok. 202113 elok. 2021
Konferenssinumero: 30

Conference

ConferenceUSENIX Security Symposium
LyhennettäUSENIX
KaupunkiVirtual, Online
Ajanjakso11/08/202113/08/2021

Sormenjälki

Sukella tutkimusaiheisiin 'PACStack: an Authenticated Call Stack'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä