JavaScript is disabled for your browser. Some features of this site may not work without it.
| Title: | HardScope: Hardening Embedded Systems Against Data-Oriented Attacks |
| Author(s): | Nyman, Thomas ; Dessouky, Ghada ; Zeitouni, Shaza ; Lehikoinen, Aaro ; Paverd, Andrew ; Asokan, N. ; Sadeghi, Ahmad-Reza |
| Date: | 2019-06-02 |
| Language: | en |
| Pages: | 6 |
| Department: | Adj. Prof Asokan N. group Technische Universität Darmstadt Department of Computer Science Helsinki Institute for Information Technology (HIIT) |
| ISBN: | 978-1-7281-2426-1 978-1-4503-6725-7 |
| Series: | Proceedings of the 56th Annual Design Automation Conference 2019, DAC 2019, Proceedings - Design Automation Conference |
| ISSN: | 0738-100X |
| DOI-number: | 10.1145/3316781.3317836 |
|
|
|
|
This publication is imported from Aalto University Research information portal: https://research.aalto.fi
> View this publication in Research information portal > Other link related to publication (Research information portal) |
|
|
Nyman , T , Dessouky , G , Zeitouni , S , Lehikoinen , A , Paverd , A , Asokan , N & Sadeghi , A-R 2019 , HardScope: Hardening Embedded Systems Against Data-Oriented Attacks . in Proceedings of the 56th Annual Design Automation Conference 2019, DAC 2019 . , 63 , Proceedings - Design Automation Conference , ACM , Design Automation Conference , Las Vegas , Nevada , United States , 02/06/2019 . https://doi.org/10.1145/3316781.3317836 |
|
Abstract:Memory-unsafe programming languages like C and C++ leave many (embedded) systems vulnerable to attacks like control-flow hijacking. However, defenses against control-flow attacks, such as (fine-grained) randomization or control-flow integrity are in-effective against data-oriented attacks and more expressive Data-oriented Programming (DOP) attacks that bypass state-of-the-art defenses. We propose run-time scope enforcement (RSE), a novel approach that efficiently mitigates all currently known DOP attacks by enforcing compile-time memory safety constraints like variable visibility rules at run-time. We present Hardscope, a proof-of-concept implementation of hardware-assisted RSE for RISC-V, and show it has a low performance overhead of 3.2% for embedded benchmarks.
|
|
|
|
|
Description:| openaire: EC/H2020/643964/EU//SUPERCLOUD
|
|
|
|
|
Files in this item
| Files | Size | Format | View |
|---|---|---|---|
|
There are no open access files associated with this item. |
|||
This item appears in the following Collection(s)
Submit a publication
Browse
Statistics
© Aalto University Learning Centre
Page content by: Aalto University Learning Centre | Privacy policy of the service | About this site
en