Architectural Support for Software-Based Protection. Mihai Budiu, Úlfar Erlingsson, Martín Abadi. ASID Workshop, Oct 21, 2006. Silicon Valley.


1 Architectural Support for Software-Based Protection. Mihai Budiu, Úlfar Erlingsson, Martín Abadi. ASID Workshop, Oct 21, 2006. Silicon Valley.

2 Summary
CFI: Enforce control flow to prevent software attacks [CCS 05] [ICFEM 05]
XFI: Protect modules within a single address space [OSDI 06]
This work: add hardware support

3 Outline
Control-Flow Integrity
XFI: Protecting Modules
Conclusions

4 CFI Motivation
Control flow
Anatomy of many software attacks

5 CFI Idea
Executable + Control-Flow Graph = Self-checking program

6 CFI Security Benefits
Enforces CFG against attacker that controls whole data memory
Defends against a large class of attacks
– Buffer overflows
– Stack smashing
– Jump-to-libc
– Pointer subterfuge
Validated experimentally
Diagram labels: Code, Data, Stack

7 Embedding a CFG Edge
Traditional indirect jump:
    jmp r1        ?
    ...
    dest:
    ...
New ISA: checked jump and label:
    jmpc r1, 50
    ...
    cfilabel 60
    ...
    cfilabel 50
    ...

8 Semantics
jmpc r1, L:
    cfi_register = L;
    jmp r1
cfilabel L:
    if (cfi_register == L) cfi_register = 0
before any instruction except cfilabel:
    if (cfi_register != 0) cfi_exception()
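The semantics on slide 8, modeled as an added C example that is not from the presentation. The opcode names, struct layout, the `run` and `run_demo` helpers, and the nine-instruction program are constructed for illustration.

```c
#include <stddef.h>
/* Toy model of the slide's cfi_register semantics. Opcode names, struct
   layout, run() and the demo program are illustrative assumptions. */
enum op { OP_NOP, OP_JMPC, OP_CFILABEL, OP_HALT };
struct insn { enum op op; int label; int reg; };
enum result { RAN_OK, CFI_EXCEPTION };

enum result run(const struct insn *prog, size_t n, const size_t *regs)
{
    int cfi_register = 0;
    size_t pc = 0;
    while (pc < n) {
        const struct insn *i = &prog[pc];
        if (i->op == OP_CFILABEL) {
            /* cfilabel L: clear the register only on a matching label. */
            if (cfi_register == i->label)
                cfi_register = 0;
            pc++;
            continue;
        }
        /* Before any instruction except cfilabel: pending check traps. */
        if (cfi_register != 0)
            return CFI_EXCEPTION;
        if (i->op == OP_HALT)
            return RAN_OK;
        if (i->op == OP_JMPC) {
            /* jmpc r, L: cfi_register = L; jmp r. */
            cfi_register = i->label;
            pc = regs[i->reg];
        } else {
            pc++;
        }
    }
    /* Assumption: leaving the program with a pending check is a violation. */
    return cfi_register != 0 ? CFI_EXCEPTION : RAN_OK;
}

/* Constructed program shaped like the "Embedding a CFG Edge" slide. */
static const struct insn demo[] = {
    {OP_NOP, 0, 0}, {OP_JMPC, 50, 1}, {OP_NOP, 0, 0},
    {OP_CFILABEL, 60, 0}, {OP_NOP, 0, 0}, {OP_HALT, 0, 0},
    {OP_CFILABEL, 50, 0}, {OP_NOP, 0, 0}, {OP_HALT, 0, 0},
};

/* Runs demo with r1 holding the given instruction index as jump target. */
enum result run_demo(size_t target)
{
    size_t regs[2] = {0, target};
    return run(demo, sizeof demo / sizeof demo[0], regs);
}
```

Only index 6, the `cfilabel 50`, is accepted as a target. Landing on `cfilabel 60` at index 3 traps on the following instruction, because the mismatched label leaves `cfi_register` set.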

9 Evaluation
Diagram labels: Spec2k Sources, Alpha CC, Binary, Squeeze++ binary rewriter, instrumentation algorithm, Instrumented binary, Sim-alpha simulator, Linux, Performance data

10 CFI Execution Overhead

11 Outline
Control-Flow Integrity
XFI: Protecting Modules
Conclusions

12 XFI Motivation
Diagram labels: OS Kernel, Driver, Ring 0 (high privilege), Single address space, Kernel heap, Shared data structure

13 XFI Address Spaces
Diagram labels: Host system, XFI Module, Data, R/O Data, R/W Data, Stacks, Code, Entry points, Fastpath region, A, B, Slowpath region, Host heap

14 Memory Bounds Checks
Diagram labels: Host system, XFI Module, Data, R/O Data, R/W Data, Code, A, B, Host heap, x
Memory access:
    *(int*)x = 2;
With bounds checks:
    if (x < A + 0) goto SlowpathCheck;
    if (B - sizeof(int) < x) goto SlowpathCheck;
  retfromSlowCheck:
    *(int*)x = 2;

15 ISA Support for XFI
mrguard $r, L, H:
    if ($r < $a + L) XFI_exception()
    if ($b - H < $r) XFI_exception()
Diagram: [$r - L, $r + H) and [$a, $b); labels A, B, $r, L, H

16 Evaluation
Diagram labels: Mediabench Sources, Alpha CC, Assembly, Hand instrument, Object files, Link, Kernel, Instrumented binary, Sim-alpha simulator, Linux, Performance data

17 Bounds Checks Overhead

18 Advantages of ISA Support
Compared with software solutions:
– Reduce executable size
– Reduce pressure on fetch structures (I-cache, trace cache, br. predictors)
– Decrease register pressure (no intermediate results)
– Do not pollute condition flags
– Do not pollute the data cache to fetch code label [CFI only]

19 Conclusions
ISA support is very simple
ISA support does not stretch critical hw resources
ISA support can reduce the cost of CFI and XFI enforcement

20 Backup Slides

21 MSR Silicon Valley

22 Our Neighbors: Google, NASA AMES, Microsoft SVC

23 We're Going Into Architecture

24 We're Hiring Computer Architects
Exciting research opportunities
A chance to influence industry
A lot of creative freedom
A great interdisciplinary team
A brand new research group
A great location
research.microsoft.com/aboutmsr/labs/siliconvalley

25 CFI & XFI Toolchain
Diagram labels: Program, Compiler, Executable, Debugging information, Binary rewriter, Instrumentation algorithm, Safe executable, Verifier, Unsafe code, Safe code, Execution, Trusted computing base

26 CFI Software Implementation
ISA form:
    jmpc r1, 50
    ...
    cfilabel 50
    ...
Software form:
    if (*r1 != 50) then goto error;
    goto r1+4;
    ...
    data 50
    ...

27 CFI Binary Size Increase

