PACStack: an Authenticated Call Stack

Hans Liljestrand; Thomas Nyman; Lachlan J Gunn; Jan-Erik Ekberg; N. Asokan

PACStack: an Authenticated Call Stack

Hans Liljestrand, Thomas Nyman, Lachlan J Gunn, Jan-Erik Ekberg, N. Asokan

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference contribution › Scientific › vertaisarvioitu

Abstrakti

A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return address manipulation. Shadow stacks record return addresses in integrity-protected memory secured with hardware-assistance or software access control. Software shadow stacks incur high overheads or trade off security for efficiency. Hardware-assisted shadow stacks are efficient and secure, but require the deployment of special-purpose hardware.
We present authenticated call stack (ACS), an approach that uses chained message authentication codes (MACs). Our prototype, PACStack, uses the ARM general purpose hardware mechanism for pointer authentication (PA) to implement ACS. Via a rigorous security analysis, we show that PACStack achieves security comparable to hardware-assisted shadow stacks without requiring dedicated hardware. We demonstrate that PACStack's performance overhead is small (~3%).

Alkuperäiskieli	Englanti
Otsikko	Proceedings of the 30th USENIX Security Symposium
Kustantaja	USENIX -The Advanced Computing Systems Association
Sivumäärä	18
ISBN (elektroninen)	978-1-939133-24-3
Tila	Julkaistu - elok. 2020
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	USENIX Security Symposium - Virtual, Online Kesto: 11 elok. 2021 → 13 elok. 2021 Konferenssinumero: 30

Conference

Conference	USENIX Security Symposium
Lyhennettä	USENIX
Kaupunki	Virtual, Online
Ajanjakso	11/08/2021 → 13/08/2021

Pääsy asiakirjaan

OpenUrl-saatavuus

Koko teksti

Science-IT
Mikko Hakala (Manager)
Perustieteiden korkeakoulu
Laitteistot/tilat: Facility

Design Across Layers: Achieving More by Joining Hardware, Software, and Cryptography
Lachlan Gunn (Puhuja)
11 syysk. 2023
Aktiviteetti: Kutsuttu akateeminen esitelmä

Tiedosto

Siteeraa tätä

@inproceedings{fc3faebc5d1c4d18a80a06a0a68cc039,

title = "PACStack: an Authenticated Call Stack",

abstract = "A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return address manipulation. Shadow stacks record return addresses in integrity-protected memory secured with hardware-assistance or software access control. Software shadow stacks incur high overheads or trade off security for efficiency. Hardware-assisted shadow stacks are efficient and secure, but require the deployment of special-purpose hardware.We present authenticated call stack (ACS), an approach that uses chained message authentication codes (MACs). Our prototype, PACStack, uses the ARM general purpose hardware mechanism for pointer authentication (PA) to implement ACS. Via a rigorous security analysis, we show that PACStack achieves security comparable to hardware-assisted shadow stacks without requiring dedicated hardware. We demonstrate that PACStack's performance overhead is small (~3%).",

author = "Hans Liljestrand and Thomas Nyman and Gunn, {Lachlan J} and Jan-Erik Ekberg and N. Asokan",

year = "2020",

month = aug,

language = "English",

booktitle = "Proceedings of the 30th USENIX Security Symposium",

publisher = "USENIX -The Advanced Computing Systems Association",

address = "United States",

note = "USENIX Security Symposium, USENIX ; Conference date: 11-08-2021 Through 13-08-2021",

}

TY - GEN

T1 - PACStack: an Authenticated Call Stack

AU - Liljestrand, Hans

AU - Nyman, Thomas

AU - Gunn, Lachlan J

AU - Ekberg, Jan-Erik

AU - Asokan, N.

N1 - Conference code: 30

PY - 2020/8

Y1 - 2020/8

N2 - A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return address manipulation. Shadow stacks record return addresses in integrity-protected memory secured with hardware-assistance or software access control. Software shadow stacks incur high overheads or trade off security for efficiency. Hardware-assisted shadow stacks are efficient and secure, but require the deployment of special-purpose hardware.We present authenticated call stack (ACS), an approach that uses chained message authentication codes (MACs). Our prototype, PACStack, uses the ARM general purpose hardware mechanism for pointer authentication (PA) to implement ACS. Via a rigorous security analysis, we show that PACStack achieves security comparable to hardware-assisted shadow stacks without requiring dedicated hardware. We demonstrate that PACStack's performance overhead is small (~3%).

AB - A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return address manipulation. Shadow stacks record return addresses in integrity-protected memory secured with hardware-assistance or software access control. Software shadow stacks incur high overheads or trade off security for efficiency. Hardware-assisted shadow stacks are efficient and secure, but require the deployment of special-purpose hardware.We present authenticated call stack (ACS), an approach that uses chained message authentication codes (MACs). Our prototype, PACStack, uses the ARM general purpose hardware mechanism for pointer authentication (PA) to implement ACS. Via a rigorous security analysis, we show that PACStack achieves security comparable to hardware-assisted shadow stacks without requiring dedicated hardware. We demonstrate that PACStack's performance overhead is small (~3%).

M3 - Conference contribution

BT - Proceedings of the 30th USENIX Security Symposium

PB - USENIX -The Advanced Computing Systems Association

T2 - USENIX Security Symposium

Y2 - 11 August 2021 through 13 August 2021

ER -

PACStack: an Authenticated Call Stack

Abstrakti

Conference

Pääsy asiakirjaan

OpenUrl-saatavuus

Sormenjälki

Laitteet

Science-IT

Aktiviteetit

Design Across Layers: Achieving More by Joining Hardware, Software, and Cryptography

Siteeraa tätä