SOFIA : software and control flow integrity architecture

Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor

Binary Exploitation in Industrial Control Systems: Past, Present and Future

Despite being a decades-old problem, binary exploitation still remains a serious issue in computer security. It is mainly due to the prevalence of memory corruption errors in programs written with notoriously unsafe but yet indispensable programming languages like C and C++. For the past 30 years, the nip-and-tuck battle in memory between attackers and defenders has been getting more technical, versatile, and automated. With raised bar for exploitation in common information technology (IT) systems owing to hardened mitigation techniques, and with unintentionally opened doors into industrial control systems (ICS) due to the proliferation of industrial internet of things (IIoT), we argue that we will see an increased number of cyber attacks leveraging binary exploitation on ICS in the near future. However, while this topic generates a very rich and abundant body of research in common IT systems, there is a lack of systematic study targeting this topic in ICS. The present work aims at filling this gap and serves as a comprehensive walkthrough of binary exploitation in ICS. Apart from providing an analysis of the past cyber attacks leveraging binary exploitation on ICS and the ongoing attack surface transition, we give a review of the attack techniques and mitigation techniques on both general-purpose computers and embedded devices. At the end, we conclude this work by stressing the importance of network-based intrusion detection, considering the dominance of resource-constrained real-time embedded devices, low-end embedded devices in ICS, and the limited ability to deploy arbitrary defense mechanism directly on these devices

Code-Reuse Attacks and Defenses

Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almost three decades and no end seems to be in sight. In particular, code-reuse techniques such as return-oriented programming offer a robust attack technique that is extensively used to exploit memory corruption vulnerabilities in modern software programs (e.g. web browsers or document viewers). Whereas conventional control-flow attacks (runtime exploits) require the injection of malicious code, code-reuse attacks leverage code that is already present in the address space of an application to undermine the security model of data execution prevention (DEP). In addition, code-reuse attacks in conjunction with memory disclosure attack techniques circumvent the widely applied memory protection model of address space layout randomization (ASLR). To counter this ingenious attack strategy, several proposals for enforcement of control-flow integrity (CFI) and fine-grained code randomization have emerged. In this dissertation, we explore the limitations of existing defenses against code-reuse attacks. In particular, we demonstrate that various coarse-grained CFI solutions can be effectively undermined, even under weak adversarial assumptions. Moreover, we explore a new return-oriented programming attack technique that is solely based on indirect jump and call instructions to evade detection from defenses that perform integrity checks for return addresses. To tackle the limitations of existing defenses, this dissertation introduces the design and implementation of several new countermeasures. First, we present a generic and fine-grained CFI framework for mobile devices targeting ARM-based platforms. This framework preserves static code signatures by instrumenting mobile applications on-the-fly in memory. Second, we tackle the performance and security limitations of existing CFI defenses by introducing hardware-assisted CFI for embedded devices. To this end, we present a CFI-based hardware implementation for Intel Siskiyou Peak using dedicated CFI machine instructions. Lastly, we explore fine-grained code randomization techniques