ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

LanguageEnglish
Title of host publicationASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems
PublisherAssociation for Computing Machinery
Pages545-558
Number of pages14
ISBN (Electronic)9781450362405
DOIs
Publication statusPublished - 4 Apr 2019
Event24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019 - Providence, United States
Duration: 13 Apr 201917 Apr 2019

Conference

Conference24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019
CountryUnited States
CityProvidence
Period13/04/1917/04/19

Fingerprint

Data storage equipment

Keywords

  • code reuse
  • graceful performance degradation
  • hotpatching
  • information hiding
  • performancesecurity tradeoff
  • processor trace
  • program transformations
  • reactive defenses
  • security hardening
  • software bugs

Cite this

Bhat, K., Van Der Kouwe, E., Bos, H., & Giuffrida, C. (2019). ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. In ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 545-558). Association for Computing Machinery. https://doi.org/10.1145/3297858.3304073
Bhat, Koustubha ; Van Der Kouwe, Erik ; Bos, Herbert ; Giuffrida, Cristiano. / ProbeGuard : Mitigating Probing Attacks Through Reactive Program Transformations. ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2019. pp. 545-558
@inproceedings{7791ee6d5c954649a0914d8905c8424a,
title = "ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations",
abstract = "Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.",
keywords = "code reuse, graceful performance degradation, hotpatching, information hiding, performancesecurity tradeoff, processor trace, program transformations, reactive defenses, security hardening, software bugs",
author = "Koustubha Bhat and {Van Der Kouwe}, Erik and Herbert Bos and Cristiano Giuffrida",
year = "2019",
month = "4",
day = "4",
doi = "10.1145/3297858.3304073",
language = "English",
pages = "545--558",
booktitle = "ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems",
publisher = "Association for Computing Machinery",

}

Bhat, K, Van Der Kouwe, E, Bos, H & Giuffrida, C 2019, ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. in ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, pp. 545-558, 24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019, Providence, United States, 13/04/19. https://doi.org/10.1145/3297858.3304073

ProbeGuard : Mitigating Probing Attacks Through Reactive Program Transformations. / Bhat, Koustubha; Van Der Kouwe, Erik; Bos, Herbert; Giuffrida, Cristiano.

ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2019. p. 545-558.

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - ProbeGuard

T2 - Mitigating Probing Attacks Through Reactive Program Transformations

AU - Bhat, Koustubha

AU - Van Der Kouwe, Erik

AU - Bos, Herbert

AU - Giuffrida, Cristiano

PY - 2019/4/4

Y1 - 2019/4/4

N2 - Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

AB - Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

KW - code reuse

KW - graceful performance degradation

KW - hotpatching

KW - information hiding

KW - performancesecurity tradeoff

KW - processor trace

KW - program transformations

KW - reactive defenses

KW - security hardening

KW - software bugs

UR - http://www.scopus.com/inward/record.url?scp=85064638237&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064638237&partnerID=8YFLogxK

U2 - 10.1145/3297858.3304073

DO - 10.1145/3297858.3304073

M3 - Conference contribution

SP - 545

EP - 558

BT - ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems

PB - Association for Computing Machinery

ER -

Bhat K, Van Der Kouwe E, Bos H, Giuffrida C. ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. In ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery. 2019. p. 545-558 https://doi.org/10.1145/3297858.3304073