Towards a practical solution to detect code reuse attacks on ARM mobile devices

Autor:	Dongil Hwang, Yunheung Paek, Yongje Lee, Ingoo Heo, Kyung-Min Kim
Rok vydání:	2015
Předmět:	Multi-core processor business.industry Computer science Interface (computing) Code reuse computer.software_genre ARM architecture Software Embedded system Operating system Overhead (computing) Central processing unit business computer Return-oriented programming
Zdroj:	HASP@ISCA
Popis:	In recent years, there is a growing need to protect security and privacy of the data against various attacks on software running on smart mobile devices. The attackers mostly attempt to acquire privileges to control system behaviors as they want. As of today, the code reuse attack (CRA) is known as one of the most sophisticated techniques that can be exploited in such attempts. The attackers launch CRAs to perform arbitrary computation by reusing and chaining existing code fragments, called gadgets. Prior solutions to CRAs are engineered either in software or hardware. However, both of them have their own weaknesses. Software solutions suffer from huge performance overhead because they occupy computing resources of the host CPU. On the other hand, existing hardware solutions all require invasive modifications to the CPU internal architecture. This is contradictory to the conventional application processor (AP) design principle which is to integrate off-the-shelf commodity CPU cores and other special-purpose hardware modules together to form a system. In this paper, we propose a more practical hardware solution which conforms to such design convention, thus being amenable for immediate deployment to modern mobile devices that use APs as their central computing engines. In our work, we target the devices that employ as their AP CPUs the ARM processors which are the de-facto standard CPUs for commercial mobile devices today. The key difference of ours from previous hardware solutions is that our CRA detection hardware modules have been integrated as off-core modules with the processor, strictly following the AP designing principle. We exploit the ARM debug interface to obtain the core internal information which is not directly accessible from off-core hardware modules. As a result, we were able to detect CRAs from outside the CPU without modifying the processor internal. For our preliminary experiment, we have implemented in our prototype a module to detect the attacks based on return-oriented programming (ROP) which is a representative technique used in CRAs. Empirical results show that our solution successfully detects ROP attacks with negligibly low runtime overhead and moderate area overhead.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=doi_________::e3153fc484d7ffde30fb1a79b3856bb1 https://doi.org/10.1145/2768566.2768569 Zobrazit plný text záznamu