PIBE
Author: | Victor Duta, Herbert Bos, Cristiano Giuffrida, Erik van der Kouwe |
---|---|
Contributors: | Computer Systems, Network Institute, Systems and Network Security |
Language: | English |
Year of publication: | 2021 |
Subject: | operating systems; control-flow hijacking; indirect branch; Linux kernel; control flow; software bug; transient execution; profile-guided optimizations; overhead (computing); transient (computer programming); compiler; instrumentation (computer programming); computer science; distributed computing |
Source: | Duta, V., Giuffrida, C., Bos, H. & Van Der Kouwe, E. 2021, "PIBE: Practical kernel control-flow hardening with profile-guided indirect branch elimination", in ASPLOS 2021: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Association for Computing Machinery, pp. 743-757. 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021), Virtual, Online, United States, 19/04/21. https://doi.org/10.1145/3445814.3446740 |
DOI: | 10.1145/3445814.3446740 |
Description: | Control-flow hijacking, which allows an attacker to execute arbitrary code, remains a dangerous software vulnerability. Control-flow hijacking in speculative or transient execution is particularly insidious, as it allows attackers to leak data from operating system kernels and other targets on commodity hardware, even in the absence of software bugs. Having made the jump from regular to transient execution in recent attacks, control-flow hijacking has become a top priority for developers. While powerful defenses against control-flow hijacking in regular execution are now sufficiently low-overhead to see widespread adoption, this is not the case for defenses in transient execution. Unfortunately, current techniques for mitigating attacks in transient execution exhibit high overheads, requiring a costly combination of defenses for every indirect branch. We show that the high overhead incurred by state-of-the-art mitigations is mostly due to the effect of hardening frequently executed branches. We propose PIBE, which offers comprehensive protection against control-flow hijacking at a fraction of the cost of existing solutions by revisiting design choices in the compiler's optimization passes. For every indirect branch, it decides whether to harden it with instrumentation code or elide it altogether using code transformations. By specifically removing the heavy hitters among the indirect branches through tailored profile-guided optimization, PIBE aggressively reduces the number of vulnerable branches, allowing the simultaneous application of multiple state-of-the-art defenses on the remaining branches with practical overhead.
Demonstrating our solution on the Linux kernel, one of the largest, most complex and most security-critical code bases on modern systems, we show that PIBE reduces the overhead of comprehensive defenses against transient control-flow hijacking by an order of magnitude, from 149% to 10.6% on microbenchmarks and from ~40% to around 6% on several application benchmarks. |
Database: | OpenAIRE |
External link: |