2 research outputs found
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
Widespread use of memory unsafe programming languages (e.g., C and C++)
leaves many systems vulnerable to memory corruption attacks. A variety of
defenses have been proposed to mitigate attacks that exploit memory errors to
hijack the control flow of the code at run-time, e.g., (fine-grained)
randomization or Control Flow Integrity. However, recent work on data-oriented
programming (DOP) demonstrated highly expressive (Turing-complete) attacks,
even in the presence of these state-of-the-art defenses. Although multiple
real-world DOP attacks have been demonstrated, no efficient defenses are yet
available. We propose run-time scope enforcement (RSE), a novel approach
designed to efficiently mitigate all currently known DOP attacks by enforcing
compile-time memory safety constraints (e.g., variable visibility rules) at
run-time. We present HardScope, a proof-of-concept implementation of
hardware-assisted RSE for the new RISC-V open instruction set architecture. We
discuss our systematic empirical evaluation of HardScope which demonstrates
that it can mitigate all currently known DOP attacks, and has a real-world
performance overhead of 3.2% in embedded benchmarks
HardScope : Run-time variable scope enforcement as a defense against data-oriented programming attacks
Memory errors exist in software written in memory-unsafe languages like C. They introduce
severe vulnerabilities in software. Vulnerabilities may even be exploited by attackers over
the Internet and sometimes they can be used to gain complete control of computer systems.
Exploitation of memory errors is usually not trivial, but requires building an attack that
corrupts the memory carefully to achieve the attacker’s goal. Multiple defenses against
memory attacks exist and modern systems have complete defenses in place against certain
attack classes. All defenses cannot be applied to all systems, and they do not protect against
all possible attacks.
Data-Oriented Programming (DOP) attacks are a new class of attacks that utilize the
target program’s existing code to perform malicious operations. DOP differs from other
attacks like Return-Oriented Programming (ROP) by avoiding control-flow violations, making
it impossible to prevent with control-flow defenses. We analyze existing DOP attacks and
determine that their expressiveness in real-world programs requires violating C variable
visibility rules. We introduce Run-time Scope Enforcement (RSE), a defense that enforces
variable visibility rules at run time.
In this thesis, we introduce HardScope, our hardware-assisted implementation of RSE.
HardScope has an instrumentation engine that instruments C programs with code that
maintains variable visibility rules during execution. The run-time platform is based on
RISC-V and consists of instruction set extensions and new processor logic that performs the
enforcement. Evaluation shows that HardScope has low performance overhead and that it
defends against existing DOP attacks