Hardware-based Always-On Memory Safety
Author(s)
Kim, Yonghae
Abstract
In computer systems, memory safety violations have been a persistent problem. Recent industry reports show that memory safety vulnerabilities still account for over 70% of the security issues addressed in their products. Given the severity of the problem, securing computer systems against such violations is an urgent task.
Typical software attacks, referred to as control-flow attacks, overwrite security-critical control data, such as return addresses and function pointers, to hijack the control flow of a program. The ultimate goal of these attacks is to redirect the control flow to attacker-chosen addresses and thereby cause security breaches, such as arbitrary code execution, privilege escalation, and leakage of sensitive information.
To prevent such attacks, the concept of control-flow integrity (CFI) has been investigated. To date, numerous schemes have been proposed, but most trade security against performance: they either specialize in a specific type of protection or provide security at the cost of non-trivial runtime overhead.
Meanwhile, recent work has shown that data-oriented attacks can be practical without subverting the control flow of a program. These attacks operate by corrupting variables that influence a victim program's decision making, or by leaking sensitive information without any data corruption. Since typical CFI solutions cannot detect such attacks, stronger defense mechanisms have also been sought.
In response, prior work has proposed defense mechanisms that detect memory bugs, e.g., buffer overflows, in the first place and thereby provide strong memory safety. Despite such efforts, however, these mechanisms have struggled to attain all of the desired properties together: security, performance, and compatibility.
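The distinction the abstract draws between control-flow attacks, data-oriented attacks, and memory-safety checks that stop the underlying bug is easier to see in code. The following C program is an added example written for this page, not code from the thesis. It models a stack frame as a byte array with a hand-fixed layout (a 16-byte input buffer, then a 4-byte `is_admin` decision variable, then an 8-byte saved return address) rather than overflowing real locals, because the layout of real locals is compiler-dependent and overflowing them is undefined behaviour. The offsets, the addresses `0x401000` and `0xdeadbeef`, and the two payloads are all constructed assumptions. The same overflow bug is driven once with a data-oriented payload (flips `is_admin`, leaves the return address alone, so a return-address check sees nothing) and once with a control-flow payload (clobbers the return address, which a shadow-stack style check would catch); a bounds-checked copy rejects both, because it stops the memory bug itself rather than one of its consequences.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hand-fixed layout of a toy stack frame (an assumption for this example):
 * a 16-byte input buffer, a 4-byte decision variable, an 8-byte saved return
 * address. Real layouts vary by compiler and ABI. */
enum {
    BUF_SIZE    = 16,
    OFF_BUF     = 0,
    OFF_ISADMIN = OFF_BUF + BUF_SIZE,
    OFF_RET     = OFF_ISADMIN + 4,
    FRAME_SIZE  = OFF_RET + 8
};

typedef struct { uint8_t bytes[FRAME_SIZE]; } frame_t;

static const uint64_t LEGIT_RET = 0x401000ULL;   /* constructed legitimate return site */
static const uint64_t EVIL_RET  = 0xdeadbeefULL; /* constructed attacker-chosen address */

static void frame_init(frame_t *f) {
    uint32_t not_admin = 0;
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + OFF_ISADMIN, &not_admin, sizeof not_admin);
    memcpy(f->bytes + OFF_RET, &LEGIT_RET, sizeof LEGIT_RET);
}

static uint32_t frame_is_admin(const frame_t *f) {
    uint32_t v; memcpy(&v, f->bytes + OFF_ISADMIN, sizeof v); return v;
}

static uint64_t frame_ret(const frame_t *f) {
    uint64_t v; memcpy(&v, f->bytes + OFF_RET, sizeof v); return v;
}

/* Vulnerable copy: trusts the attacker-controlled length, like an unchecked
 * strcpy/memcpy into a fixed-size local buffer. The clamp to FRAME_SIZE only
 * keeps this model well-defined; the real bug has no such limit. */
static void copy_unchecked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes + OFF_BUF, src, len);
}

/* Hardened copy: a bounds check is a memory-safety check, so it stops both
 * attack classes at the bug rather than at its consequences. Returns 1 if
 * the input was accepted, 0 if rejected. */
static int copy_checked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > BUF_SIZE) return 0;
    memcpy(f->bytes + OFF_BUF, src, len);
    return 1;
}

/* Constructed data-oriented payload: overflow by exactly four bytes to set
 * is_admin = 1 while leaving the saved return address intact. */
static size_t payload_data_oriented(uint8_t *out) {
    uint32_t one = 1;
    memset(out, 'A', BUF_SIZE);
    memcpy(out + OFF_ISADMIN, &one, sizeof one);
    return OFF_ISADMIN + sizeof one;
}

/* Constructed control-flow payload: overflow through is_admin and replace
 * the saved return address with an attacker-chosen one. */
static size_t payload_control_flow(uint8_t *out) {
    memset(out, 'A', OFF_RET);
    memcpy(out + OFF_RET, &EVIL_RET, sizeof EVIL_RET);
    return FRAME_SIZE;
}

typedef struct {
    int      accepted;   /* did the copy routine take the input? */
    uint32_t is_admin;   /* decision variable after the copy */
    int      ret_intact; /* what a return-address check (e.g. a shadow stack) would see */
} outcome_t;

static outcome_t run(int hardened, int data_oriented) {
    frame_t f;
    uint8_t payload[FRAME_SIZE];
    size_t len = data_oriented ? payload_data_oriented(payload)
                               : payload_control_flow(payload);
    outcome_t o;
    frame_init(&f);
    if (hardened) {
        o.accepted = copy_checked(&f, payload, len);
    } else {
        copy_unchecked(&f, payload, len);
        o.accepted = 1;
    }
    o.is_admin   = frame_is_admin(&f);
    o.ret_intact = frame_ret(&f) == LEGIT_RET;
    return o;
}

int main(void) {
    const char *attack[] = { "control-flow", "data-oriented" };
    for (int h = 0; h < 2; h++)
        for (int d = 0; d < 2; d++) {
            outcome_t o = run(h, d);
            printf("%-9s copy, %-13s payload: accepted=%d is_admin=%u cfi_ok=%d\n",
                   h ? "checked" : "unchecked", attack[d],
                   o.accepted, o.is_admin, o.ret_intact);
        }
    return 0;
}
```

With the unchecked copy, the data-oriented payload is accepted and sets `is_admin` to 1 while the return-address check still reports the frame as clean, which is exactly why CFI alone does not cover this attack class; the control-flow payload is also accepted but trips the return-address check. With the checked copy, both payloads are rejected before any field is touched.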
As an attempt to end this eternal war over memory safety, this thesis investigates and proposes novel defense mechanisms that achieve robust yet efficient memory safety.
Date
2023-08-28
Resource Type
Text
Resource Subtype
Dissertation