TY - GEN
T1 - ProbeGuard
T2 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019
AU - Bhat, Koustubha
AU - van der Kouwe, Erik
AU - Bos, Herbert
AU - Giuffrida, Cristiano
PY - 2019/4/4
Y1 - 2019/4/4
N2 - Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integrity-based defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.
AB - Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integrity-based defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.
KW - code reuse
KW - graceful performance degradation
KW - hotpatching
KW - information hiding
KW - performance-security tradeoff
KW - processor trace
KW - program transformations
KW - reactive defenses
KW - security hardening
KW - software bugs
UR - http://www.scopus.com/inward/record.url?scp=85064638237&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85064638237&partnerID=8YFLogxK
U2 - 10.1145/3297858.3304073
DO - 10.1145/3297858.3304073
M3 - Conference contribution
AN - SCOPUS:85064638237
SP - 545
EP - 558
BT - ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems
PB - Association for Computing Machinery
Y2 - 13 April 2019 through 17 April 2019
ER -