Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization

Seung Hun Kim, Lei Xu, Ziyi Liu, Zhiqiang Lin, Won Woo Ro, Weidong Shi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

We present a micro-architecture based lightweight framework to enhance dependability and security of software against code reuse attack. Different from the prior hardware based approaches for mitigating code reuse attacks, our solution is based on software diversity and instruction level control flow randomization. Generally, software based instruction location randomization (ILR) using binary emulator as a mediation layer has been shown to be effective for thwarting code reuse attacks like return oriented programming (ROP). However, our in-depth studies show that straightforward and naive implementation of ILR at the micro-architecture level will incur major performance deficiencies in terms of instruction fetch and cache utilization. For example, straightforward implementation of ILR increases the first level instruction cache miss rates on average by more than 9 times for a set of SPEC CPU2006 benchmarks. To address these issues, we present a novel micro-architecture design that can support native execution of control flow randomized software binary while at the same time preserve the performance of instruction fetch and efficient use of on-chip caches. The proposed design is evaluated by extending cycle based x86 architecture simulator, XIOSim with validated power simulation. Performance evaluation on SPEC CPU2006 benchmarks shows an average speedup of 1.63 times compared to the hardware implementation of ILR. Using the proposed approach, direct execution of ILR software incurs only 2.1% IPC performance slowdown with a very small hardware overhead.

Original languageEnglish
Title of host publicationProceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
PublisherIEEE Computer Society
Pages251-262
Number of pages12
ISBN (Electronic)9781479986293
DOIs
Publication statusPublished - 2015 Sep 14
Event45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 - Rio de Janeiro, Brazil
Duration: 2015 Jun 222015 Jun 25

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks
Volume2015-September

Other

Other45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
CountryBrazil
CityRio de Janeiro
Period15/6/2215/6/25

Fingerprint

Hardware
Level control
Flow control
Simulators

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Kim, S. H., Xu, L., Liu, Z., Lin, Z., Ro, W. W., & Shi, W. (2015). Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization. In Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 (pp. 251-262). [7266855] (Proceedings of the International Conference on Dependable Systems and Networks; Vol. 2015-September). IEEE Computer Society. https://doi.org/10.1109/DSN.2015.48
Kim, Seung Hun ; Xu, Lei ; Liu, Ziyi ; Lin, Zhiqiang ; Ro, Won Woo ; Shi, Weidong. / Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization. Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. IEEE Computer Society, 2015. pp. 251-262 (Proceedings of the International Conference on Dependable Systems and Networks).
@inproceedings{8cbbc1bad65d4bd58f3e8561a0362306,
title = "Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization",
abstract = "We present a micro-architecture based lightweight framework to enhance dependability and security of software against code reuse attack. Different from the prior hardware based approaches for mitigating code reuse attacks, our solution is based on software diversity and instruction level control flow randomization. Generally, software based instruction location randomization (ILR) using binary emulator as a mediation layer has been shown to be effective for thwarting code reuse attacks like return oriented programming (ROP). However, our in-depth studies show that straightforward and naive implementation of ILR at the micro-architecture level will incur major performance deficiencies in terms of instruction fetch and cache utilization. For example, straightforward implementation of ILR increases the first level instruction cache miss rates on average by more than 9 times for a set of SPEC CPU2006 benchmarks. To address these issues, we present a novel micro-architecture design that can support native execution of control flow randomized software binary while at the same time preserve the performance of instruction fetch and efficient use of on-chip caches. The proposed design is evaluated by extending cycle based x86 architecture simulator, XIOSim with validated power simulation. Performance evaluation on SPEC CPU2006 benchmarks shows an average speedup of 1.63 times compared to the hardware implementation of ILR. Using the proposed approach, direct execution of ILR software incurs only 2.1{\%} IPC performance slowdown with a very small hardware overhead.",
author = "Kim, {Seung Hun} and Lei Xu and Ziyi Liu and Zhiqiang Lin and Ro, {Won Woo} and Weidong Shi",
year = "2015",
month = "9",
day = "14",
doi = "10.1109/DSN.2015.48",
language = "English",
series = "Proceedings of the International Conference on Dependable Systems and Networks",
publisher = "IEEE Computer Society",
pages = "251--262",
booktitle = "Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015",
address = "United States",

}

Kim, SH, Xu, L, Liu, Z, Lin, Z, Ro, WW & Shi, W 2015, Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization. in Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015., 7266855, Proceedings of the International Conference on Dependable Systems and Networks, vol. 2015-September, IEEE Computer Society, pp. 251-262, 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015, Rio de Janeiro, Brazil, 15/6/22. https://doi.org/10.1109/DSN.2015.48

Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization. / Kim, Seung Hun; Xu, Lei; Liu, Ziyi; Lin, Zhiqiang; Ro, Won Woo; Shi, Weidong.

Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. IEEE Computer Society, 2015. p. 251-262 7266855 (Proceedings of the International Conference on Dependable Systems and Networks; Vol. 2015-September).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization

AU - Kim, Seung Hun

AU - Xu, Lei

AU - Liu, Ziyi

AU - Lin, Zhiqiang

AU - Ro, Won Woo

AU - Shi, Weidong

PY - 2015/9/14

Y1 - 2015/9/14

N2 - We present a micro-architecture based lightweight framework to enhance dependability and security of software against code reuse attack. Different from the prior hardware based approaches for mitigating code reuse attacks, our solution is based on software diversity and instruction level control flow randomization. Generally, software based instruction location randomization (ILR) using binary emulator as a mediation layer has been shown to be effective for thwarting code reuse attacks like return oriented programming (ROP). However, our in-depth studies show that straightforward and naive implementation of ILR at the micro-architecture level will incur major performance deficiencies in terms of instruction fetch and cache utilization. For example, straightforward implementation of ILR increases the first level instruction cache miss rates on average by more than 9 times for a set of SPEC CPU2006 benchmarks. To address these issues, we present a novel micro-architecture design that can support native execution of control flow randomized software binary while at the same time preserve the performance of instruction fetch and efficient use of on-chip caches. The proposed design is evaluated by extending cycle based x86 architecture simulator, XIOSim with validated power simulation. Performance evaluation on SPEC CPU2006 benchmarks shows an average speedup of 1.63 times compared to the hardware implementation of ILR. Using the proposed approach, direct execution of ILR software incurs only 2.1% IPC performance slowdown with a very small hardware overhead.

AB - We present a micro-architecture based lightweight framework to enhance dependability and security of software against code reuse attack. Different from the prior hardware based approaches for mitigating code reuse attacks, our solution is based on software diversity and instruction level control flow randomization. Generally, software based instruction location randomization (ILR) using binary emulator as a mediation layer has been shown to be effective for thwarting code reuse attacks like return oriented programming (ROP). However, our in-depth studies show that straightforward and naive implementation of ILR at the micro-architecture level will incur major performance deficiencies in terms of instruction fetch and cache utilization. For example, straightforward implementation of ILR increases the first level instruction cache miss rates on average by more than 9 times for a set of SPEC CPU2006 benchmarks. To address these issues, we present a novel micro-architecture design that can support native execution of control flow randomized software binary while at the same time preserve the performance of instruction fetch and efficient use of on-chip caches. The proposed design is evaluated by extending cycle based x86 architecture simulator, XIOSim with validated power simulation. Performance evaluation on SPEC CPU2006 benchmarks shows an average speedup of 1.63 times compared to the hardware implementation of ILR. Using the proposed approach, direct execution of ILR software incurs only 2.1% IPC performance slowdown with a very small hardware overhead.

UR - http://www.scopus.com/inward/record.url?scp=84950104614&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84950104614&partnerID=8YFLogxK

U2 - 10.1109/DSN.2015.48

DO - 10.1109/DSN.2015.48

M3 - Conference contribution

AN - SCOPUS:84950104614

T3 - Proceedings of the International Conference on Dependable Systems and Networks

SP - 251

EP - 262

BT - Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015

PB - IEEE Computer Society

ER -

Kim SH, Xu L, Liu Z, Lin Z, Ro WW, Shi W. Enhancing Software Dependability and Security with Hardware Supported Instruction Address Space Randomization. In Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. IEEE Computer Society. 2015. p. 251-262. 7266855. (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2015.48