Hardware-assisted memory safety

dc.contributor: Aalto-yliopisto (fi)
dc.contributor: Aalto University (en)
dc.contributor.advisor: Ekberg, Jan-Erik, Adj. Prof., Aalto University, Department of Computer Science, Finland
dc.contributor.author: Liljestrand, Hans
dc.contributor.department: Tietotekniikan laitos (fi)
dc.contributor.department: Department of Computer Science (en)
dc.contributor.lab: Secure Systems Group (en)
dc.contributor.school: Perustieteiden korkeakoulu (fi)
dc.contributor.school: School of Science (en)
dc.contributor.supervisor: Asokan, N., Prof., Aalto University, Department of Computer Science, Finland
dc.date.accessioned: 2020-01-09T10:01:09Z
dc.date.available: 2020-01-09T10:01:09Z
dc.date.defence: 2020-01-20
dc.date.issued: 2020
dc.description.abstract (en):

Computers today are ubiquitous and closely integrated into our everyday lives. But computers are fickle in nature. Programs are written by fallible humans and run on imperfect hardware. As a result, computer systems are plagued by memory vulnerabilities. Many remedies exist, from defensive programming techniques to memory-safe languages. But these approaches require security expertise and costly porting of existing code. To achieve widespread use, we must integrate security into existing tools and languages. Moreover, this must be done with minimal performance and deployment costs. New security features are being rolled out in commodity hardware. They hold the promise of security, but are non-trivial to use effectively. In this dissertation, I show how compile-time instrumentation can use such hardware for performant memory-safety solutions. We explore the recently introduced ARMv8.3-A Pointer Authentication (PA) and Intel MPX extensions. PA supports hardware-accelerated signing and verification of pointers. Not only do we address weaknesses in prior PA-based defenses, but we also present novel solutions for memory safety. In particular, we demonstrate how PA can be used for run-time type checking, precise return address protection, and stack safety. Userspace MPX instrumentation is well known and uses in-memory metadata to provide bounds checking of memory accesses. The kernel is paramount for security, but using MPX to protect it is not straightforward. Because the kernel must manage its own memory, the MPX metadata is not feasible to use there. We show how to avoid this issue using kernel-specific MPX instrumentation. But security hardware, such as Intel SGX, can itself be vulnerable. We investigate Intel SGX side-channels, and show how compile-time instrumentation can be used to mitigate a branch-shadowing attack on SGX. This dissertation presents security schemes that achieve minimal performance overheads by using features in off-the-shelf hardware.

Our compile-time instrumentation integrates these features into existing code without developer intervention. Together, hardware assistance and compile-time instrumentation pave the way towards security solutions that offer optimal trade-offs in terms of development, deployment and performance costs. Yet there are many roads ahead. Future work should explore compatibility with real code bases, for instance when common programming patterns rely on undefined behavior. Support should also be extended to C++ and other languages; this requires support for new language constructs such as exceptions and polymorphic types. Memory-safe languages could also benefit from hardware-assisted security, for instance by providing fault isolation or improving the performance of existing checks. Together, these directions will allow deployable security along a broad spectrum of projects and developers.
dc.format.extent: 88 + app. 83
dc.format.mimetype: application/pdf (en)
dc.identifier.isbn: 978-952-60-8914-0 (electronic)
dc.identifier.isbn: 978-952-60-8913-3 (printed)
dc.identifier.issn: 1799-4942 (electronic)
dc.identifier.issn: 1799-4934 (printed)
dc.identifier.issn: 1799-4934 (ISSN-L)
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/42353
dc.identifier.urn: URN:ISBN:978-952-60-8914-0
dc.language.iso: en
dc.opn: Röning, Juha, Prof., University of Oulu, Finland
dc.publisher: Aalto University (en)
dc.publisher: Aalto-yliopisto (fi)
dc.relation.haspart: [Publication 1]: Elena Reshetova, Hans Liljestrand, Andrew Paverd, N. Asokan. Towards Linux Kernel Memory Safety. Software: Practice and Experience, 2018. DOI: 10.1002/spe.2638
dc.relation.haspart: [Publication 2]: Shohreh Hosseinzadeh, Hans Liljestrand, Ville Leppänen, Andrew Paverd. Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization. In Proceedings of the 3rd Workshop on System Software for Trusted Execution, SysTEX '18, Toronto, ON, Canada, pages 42–47, October 2018. DOI: 10.1145/3268935.3268940
dc.relation.haspart: [Publication 3]: Hans Liljestrand, Thomas Nyman, Kui Wang, Carlos Chinea, Jan-Erik Ekberg, N. Asokan. PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. In Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, USA, pages 177–195, August 2019. DOI: 10.5555/3361338.3361352
dc.relation.haspart: [Publication 4]: Hans Liljestrand, Zaheer Gauhar, Thomas Nyman, Jan-Erik Ekberg, N. Asokan. Protecting the stack with PACed canaries. In Proceedings of the 4th Workshop on System Software for Trusted Execution, SysTEX '19, Huntsville, ON, Canada, 6 pages, October 2019. DOI: 10.1145/3342559.3365336
dc.relation.haspart: [Publication 5]: Hans Liljestrand, Thomas Nyman, Lachlan Gunn, Jan-Erik Ekberg, N. Asokan. PACStack: an Authenticated Call Stack. Submitted, 20 pages, August 2019.
dc.relation.haspart: [Errata file]: Errata of P3
dc.relation.ispartofseries: Aalto University publication series DOCTORAL DISSERTATIONS (en)
dc.relation.ispartofseries: 8/2020
dc.rev: Francillon, Aurélien, Prof., EURECOM, France
dc.rev: Enck, William, Prof., North Carolina State University, USA
dc.subject.keyword: platform security (en)
dc.subject.keyword: memory safety (en)
dc.subject.other: Computer science (en)
dc.title: Hardware-assisted memory safety (en)
dc.type: G5 Article-based dissertation (fi)
dc.type.dcmitype: text (en)
dc.type.ontasot: Doctoral dissertation (article-based) (en)
dc.type.ontasot: Doctoral dissertation (article) (fi)
local.aalto.acrisexportstatus: checked 2020-03-14_1526
local.aalto.archive: yes
local.aalto.formfolder: 2020_01_09_klo_10_19
Files (original bundle, 2 files)
Name: isbn9789526089140.pdf; Size: 1.73 MB; Format: Adobe Portable Document Format
Name: Errata_liljestarnd_hans_DD_8_2020_publication_P3.pdf; Size: 97.8 KB; Format: Adobe Portable Document Format; Description: Errata Hans Liljestrand DD-8/2020 publication P3