Hardware-assisted memory safety
| Field | Value | Language |
|---|---|---|
| dc.contributor | Aalto-yliopisto | fi |
dc.contributor | Aalto University | en |
dc.contributor.advisor | Ekberg, Jan-Erik, Adj. Prof., Aalto University, Department of Computer Science, Finland | |
dc.contributor.author | Liljestrand, Hans | |
dc.contributor.department | Tietotekniikan laitos | fi |
dc.contributor.department | Department of Computer Science | en |
dc.contributor.lab | Secure Systems Group | en |
dc.contributor.school | Perustieteiden korkeakoulu | fi |
dc.contributor.school | School of Science | en |
dc.contributor.supervisor | Asokan, N. Prof., Aalto University, Department of Computer Science, Finland | |
dc.date.accessioned | 2020-01-09T10:01:09Z | |
dc.date.available | 2020-01-09T10:01:09Z | |
dc.date.defence | 2020-01-20 | |
dc.date.issued | 2020 | |
dc.description.abstract | Computers today are ubiquitous and closely integrated into our everyday lives. But computers are fickle in nature. Programs are written by fallible humans and run on imperfect hardware. As a result, computer systems are plagued by memory vulnerabilities. Many remedies exist, from defensive programming techniques to memory-safe languages. But these approaches require security expertise and costly porting of existing code. To achieve widespread use, we must integrate security into existing tools and languages. Moreover, this must be done with minimal performance and deployment costs. New security features are being rolled out in commodity hardware. They hold the promise of security, but are non-trivial to use effectively. In this dissertation, I show how compile-time instrumentation can use such hardware for performant memory-safety solutions. We explore the recently introduced ARMv8.3-A Pointer Authentication (PA) and Intel Memory Protection Extensions (MPX). PA supports hardware-accelerated signing and verification of pointers. Not only do we address weaknesses in prior PA-based defenses, but we also present novel solutions for memory safety. In particular, we demonstrate how PA can be used for run-time type checking, precise return address protection, and stack safety. Userspace MPX instrumentation is well known and uses in-memory metadata to provide bounds checking of memory accesses. The kernel is paramount for security, but using MPX to protect it is not straightforward. Because the kernel must manage its own memory, the MPX metadata is not feasible to use. We show how to avoid this issue using kernel-specific MPX instrumentation. But security hardware—such as Intel SGX—can itself be vulnerable. We investigate Intel SGX side-channels, and show how compile-time instrumentation can be used to mitigate a branch-shadowing attack on SGX. This dissertation presents security schemes that achieve minimal performance overheads by using features in off-the-shelf hardware. Our compile-time instrumentation integrates these features into existing code, without developer intervention. Together, hardware assistance and compile-time instrumentation pave the way towards security solutions that offer optimal trade-offs in terms of development, deployment and performance costs. Yet, there are many roads ahead. Future work should explore compatibility with real code bases, for instance, when common programming patterns rely on undefined behavior. Support should also be extended to C++ and other languages; this requires support for new language constructs such as exceptions and polymorphic types. Memory-safe languages could also benefit from hardware-assisted security, for instance, by providing fault isolation or improving the performance of existing checks. Together, these directions will allow deployable security along a broad spectrum of projects and developers. | en |
dc.format.extent | 88 + app. 83 | |
dc.format.mimetype | application/pdf | en |
dc.identifier.isbn | 978-952-60-8914-0 (electronic) | |
dc.identifier.isbn | 978-952-60-8913-3 (printed) | |
dc.identifier.issn | 1799-4942 (electronic) | |
dc.identifier.issn | 1799-4934 (printed) | |
dc.identifier.issn | 1799-4934 (ISSN-L) | |
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/42353 | |
dc.identifier.urn | URN:ISBN:978-952-60-8914-0 | |
dc.language.iso | en | en |
dc.opn | Röning, Juha, Prof., University of Oulu, Finland | |
dc.publisher | Aalto University | en |
dc.publisher | Aalto-yliopisto | fi |
dc.relation.haspart | [Publication 1]: Elena Reshetova, Hans Liljestrand, Andrew Paverd, N. Asokan. Towards Linux Kernel Memory Safety. Software: Practice and Experience, 2018. DOI: 10.1002/spe.2638 | |
dc.relation.haspart | [Publication 2]: Shohreh Hosseinzadeh, Hans Liljestrand, Ville Leppänen, Andrew Paverd. Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization. In Proceedings of the 3rd Workshop on System Software for Trusted Execution, SysTEX ’18, Toronto, ON, Canada, pages 42–47, October 2018. DOI: 10.1145/3268935.3268940 | |
dc.relation.haspart | [Publication 3]: Hans Liljestrand, Thomas Nyman, Kui Wang, Carlos Chinea, Jan-Erik Ekberg, N. Asokan. PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. In Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, USA, pages 177–195, August 2019. DOI: 10.5555/3361338.3361352 | |
dc.relation.haspart | [Publication 4]: Hans Liljestrand, Zaheer Gauhar, Thomas Nyman, Jan-Erik Ekberg, N. Asokan. Protecting the stack with PACed canaries. In Proceedings of the 4th Workshop on System Software for Trusted Execution, SysTEX ’19, Huntsville, ON, Canada, 6 pages, October 2019. DOI: 10.1145/3342559.3365336 | |
dc.relation.haspart | [Publication 5]: Hans Liljestrand, Thomas Nyman, Lachlan Gunn, Jan-Erik Ekberg, N. Asokan. PACStack: an Authenticated Call Stack. Submitted, 20 pages, August 2019. | |
dc.relation.haspart | [Errata file]: Errata of P3 | |
dc.relation.ispartofseries | Aalto University publication series DOCTORAL DISSERTATIONS | en |
dc.relation.ispartofseries | 8/2020 | |
dc.rev | Francillon, Aurélien, Prof., EURECOM, France | |
dc.rev | Enck, William, Prof., North Carolina State University, USA | |
dc.subject.keyword | platform security | en |
dc.subject.keyword | memory safety | en |
dc.subject.other | Computer science | en |
dc.title | Hardware-assisted memory safety | en |
dc.type | G5 Artikkeliväitöskirja | fi |
dc.type.dcmitype | text | en |
dc.type.ontasot | Doctoral dissertation (article-based) | en |
dc.type.ontasot | Väitöskirja (artikkeli) | fi |
local.aalto.acrisexportstatus | checked 2020-03-14_1526 | |
local.aalto.archive | yes | |
local.aalto.formfolder | 2020_01_09_klo_10_19 | |
Files
Original bundle
- Name: isbn9789526089140.pdf
- Size: 1.73 MB
- Format: Adobe Portable Document Format
- Name: Errata_liljestarnd_hans_DD_8_2020_publication_P3.pdf
- Size: 97.8 KB
- Format: Adobe Portable Document Format
- Description: Errata Hans Liljestrand DD-8/2020 publication P3