ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations

Koustubha Bhat; Erik van der Kouwe; Herbert Bos; Cristiano Giuffrida

doi:10.1145/3297858.3304073

ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations

Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

285 Downloads (Pure)

Abstract

Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

Original language	English
Title of host publication	ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems
Publisher	Association for Computing Machinery
Pages	545-558
Number of pages	14
ISBN (Electronic)	9781450362405
DOIs	https://doi.org/10.1145/3297858.3304073
Publication status	Published - 4 Apr 2019
Event	24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019 - Providence, United States Duration: 13 Apr 2019 → 17 Apr 2019

Conference

Conference	24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019
Country/Territory	United States
City	Providence
Period	13/04/19 → 17/04/19

Keywords

code reuse
graceful performance degradation
hotpatching
information hiding
performancesecurity tradeoff
processor trace
program transformations
reactive defenses
security hardening
software bugs

Access to Document

10.1145/3297858.3304073

ProbeGuardFinal published version, 1.21 MBLicence: Article 25fa Dutch Copyright Act

Handle.net

Persistent link

Cite this

Bhat, K., van der Kouwe, E., Bos, H., & Giuffrida, C. (2019). ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. In ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 545-558). Association for Computing Machinery. https://doi.org/10.1145/3297858.3304073

@inproceedings{7791ee6d5c954649a0914d8905c8424a,

title = "ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations",

abstract = "Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.",

keywords = "code reuse, graceful performance degradation, hotpatching, information hiding, performancesecurity tradeoff, processor trace, program transformations, reactive defenses, security hardening, software bugs",

author = "Koustubha Bhat and {van der Kouwe}, Erik and Herbert Bos and Cristiano Giuffrida",

year = "2019",

month = apr,

day = "4",

doi = "10.1145/3297858.3304073",

language = "English",

pages = "545--558",

booktitle = "ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems",

publisher = "Association for Computing Machinery",

note = "24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019 ; Conference date: 13-04-2019 Through 17-04-2019",

}

Bhat, K, van der Kouwe, E , Bos, H & Giuffrida, C 2019, ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. in ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, pp. 545-558, 24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019, Providence, United States, 13/04/19. https://doi.org/10.1145/3297858.3304073

ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. / Bhat, Koustubha; van der Kouwe, Erik ; Bos, Herbert et al.
ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2019. p. 545-558.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ProbeGuard

T2 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019

AU - Bhat, Koustubha

AU - van der Kouwe, Erik

AU - Bos, Herbert

AU - Giuffrida, Cristiano

PY - 2019/4/4

Y1 - 2019/4/4

N2 - Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

AB - Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

KW - code reuse

KW - graceful performance degradation

KW - hotpatching

KW - information hiding

KW - performancesecurity tradeoff

KW - processor trace

KW - program transformations

KW - reactive defenses

KW - security hardening

KW - software bugs

UR - http://www.scopus.com/inward/record.url?scp=85064638237&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064638237&partnerID=8YFLogxK

U2 - 10.1145/3297858.3304073

DO - 10.1145/3297858.3304073

M3 - Conference contribution

AN - SCOPUS:85064638237

SP - 545

EP - 558

BT - ASPLOS '19 - Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems

PB - Association for Computing Machinery

Y2 - 13 April 2019 through 17 April 2019

ER -

ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations

Abstract

Conference

Keywords

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this