Virtual Function Table


Song Chengyu - One of the best experts on this subject based on the ideXlab platform.

  • HDFI: Hardware-Assisted Data-Flow Isolation
    'Institute of Electrical and Electronics Engineers (IEEE)', 2016
    Co-Authors: Song Chengyu, Moon Hyungon, Alam Monjur, Yun Insu, Lee Byoungyoung, Kim Taesoo, Lee Wenke, Paek Yunheung
    Abstract:

    Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with an additional tag that is defined by data-flow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell--LaPadula Model. We implemented HDFI by extending the RISC-V instruction set architecture (ISA) and instantiating it on the Xilinx Zynq ZC706 evaluation board. We ran several benchmarks including the SPEC CINT 2000 benchmark suite. Evaluation results show that the performance overhead caused by our modification to the hardware is low (< 2%). We also developed or ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, virtual function table protection, code pointer protection, kernel data protection, and information leak prevention. Our results show that HDFI is easy to use, imposes low performance overhead, and allows us to create more elegant and more secure solutions.

  • Preventing exploits against memory corruption vulnerabilities
    Georgia Institute of Technology, 2016
    Co-Authors: Song Chengyu
    Abstract:

    The most common cyber-attack vector is the exploitation of software vulnerabilities. Despite much effort toward building secure software, software systems of even modest complexity still routinely have serious vulnerabilities. More alarmingly, even the trusted computing base (e.g., the OS kernel) still contains vulnerabilities that would allow attackers to subvert security mechanisms such as the application sandbox on smartphones. Among all vulnerabilities, memory corruption is one of the most ancient, prevalent, and devastating. This thesis proposed three projects on mitigating this threat. There are three popular ways to exploit a memory corruption vulnerability: attacking the code (a.k.a. code injection attack), the control data (a.k.a. control-flow hijacking attack), and the non-control data (a.k.a. data-oriented attack). Theoretically, code injection attacks can be prevented with the executable XOR writable policy; but in practice, this policy is undermined by another important technique, dynamic code generation (e.g., JIT engines). In the first project, we first showed that this conflict is actually non-trivial to resolve, then we introduced a new design paradigm to fundamentally solve this problem, by relocating the dynamic code generator to a separate process. In the second project, we focused on preventing data-oriented attacks against the operating system kernel. Using privilege escalation attacks as an example, we (1) demonstrated that data-oriented attacks are realistic threats and hard to prevent; (2) discussed two important challenges for preventing such attacks (i.e., completeness and performance); and (3) presented a system that combines program analysis techniques and system designs to solve these challenges. During these two projects, we found that the lack of sufficient hardware support imposes many unnecessary difficulties in building robust and efficient defense mechanisms. In the third project, we proposed HDFI (hardware-assisted data-flow isolation) to overcome this limitation. HDFI is a new fine-grained isolation mechanism that enforces isolation at the machine word granularity, by virtually extending each memory unit with an additional tag that is defined by data-flow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell--LaPadula Model. For demonstration, we developed and ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, virtual function table protection, code pointer protection, kernel data protection, and information leak prevention. The evaluation results showed that HDFI is easy to use, imposes low performance overhead, and allows us to create simpler and more secure solutions.
    Ph.D. thesis

Jingfeng Xue - One of the best experts on this subject based on the ideXlab platform.

  • Dynamic Binary Instrumentation Based Defense Solution against Virtual Function Table Hijacking Attacks at C++ Binary Programs
    2015 10th International Conference on P2P Parallel Grid Cloud and Internet Computing (3PGCIC), 2015
    Co-Authors: Yong Wang, Hailin Yan, Zhenyan Liu, Jingfeng Xue
    Abstract:

    Memory corruption bugs are one of the most critical vulnerabilities in software security, which can be exploited to overwrite virtual tables (vTables) or virtual table pointers (vfptrs) and finally gain control over the programs at virtual function call sites (vTable hijacking). In this paper, we propose a novel approach to detect vTable hijacking attacks against C++ binary executables. We first analyze the programs to get the vTable information of each class, and back up the original vTables and vfptrs at runtime, then instrument security checks dynamically before virtual function dispatches to validate the vTables' integrity. We implement the proposed approach as a tool and use it to successfully detect vTable hijacking attacks on version 11 of Microsoft's Internet Explorer.

Karel Driesen - One of the best experts on this subject based on the ideXlab platform.

  • Measurement of Virtual Function Call Overhead on Modern Processors
    Efficient Polymorphic Calls, 2001
    Co-Authors: Karel Driesen
    Abstract:

    In this section we measure the direct cost of virtual function table lookup for a number of realistic C++ programs running on superscalar processors employing co-scheduling and simple indirect branch prediction, and identify the processor characteristics that most affect this cost. In Section 5.2 we saw that, when analyzed in isolation, the cost of dispatch sequences of table-based techniques is similar to that of virtual function tables. Therefore VTBL serves as a representative technique for table-based dispatch in this quantitative analysis.

  • OOPSLA - The direct cost of virtual function calls in C++
    Proceedings of the 11th ACM SIGPLAN conference on Object-oriented programming systems languages and applications - OOPSLA '96, 1996
    Co-Authors: Karel Driesen, Urs Hölzle
    Abstract:

    We study the direct cost of virtual function calls in C++ programs, assuming the standard implementation using virtual function tables. We measure this overhead experimentally for a number of large benchmark programs, using a combination of executable inspection and processor simulation. Our results show that the C++ programs measured spend a median of 5.2% of their time and 3.7% of their instructions in dispatch code. For "all virtuals" versions of the programs, the median overhead rises to 13.7% (13% of the instructions). The "thunk" variant of the virtual function table implementation reduces the overhead by a median of 21% relative to the standard implementation. On future processors, these overheads are likely to increase moderately.

  • OOPSLA - Minimizing row displacement dispatch tables
    Proceedings of the tenth annual conference on Object-oriented programming systems languages and applications - OOPSLA '95, 1995
    Co-Authors: Karel Driesen, Urs Hölzle
    Abstract:

    Row displacement dispatch tables implement message dispatching for dynamically-typed languages with a run time overhead of one memory indirection plus an equality test. The technique is similar to virtual function table lookup, which is, however, restricted to statically typed languages like C++. We show how to reduce the space requirements of dispatch tables to approximately the same size as virtual function tables. The scheme is then generalized for multiple inheritance. Experiments on a number of class libraries from five different languages demonstrate that the technique is effective for a broad range of programs. Finally, we discuss optimizations of the row displacement algorithm that allow dispatch table construction for these large samples to take place in a few seconds.

Paek Yunheung - One of the best experts on this subject based on the ideXlab platform.

  • HDFI: Hardware-Assisted Data-Flow Isolation
    'Institute of Electrical and Electronics Engineers (IEEE)', 2016
    Co-Authors: Song Chengyu, Moon Hyungon, Alam Monjur, Yun Insu, Lee Byoungyoung, Kim Taesoo, Lee Wenke, Paek Yunheung
    Abstract:

    Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with an additional tag that is defined by data-flow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell--LaPadula Model. We implemented HDFI by extending the RISC-V instruction set architecture (ISA) and instantiating it on the Xilinx Zynq ZC706 evaluation board. We ran several benchmarks including the SPEC CINT 2000 benchmark suite. Evaluation results show that the performance overhead caused by our modification to the hardware is low (< 2%). We also developed or ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, virtual function table protection, code pointer protection, kernel data protection, and information leak prevention. Our results show that HDFI is easy to use, imposes low performance overhead, and allows us to create more elegant and more secure solutions.

Yunheung Paek - One of the best experts on this subject based on the ideXlab platform.

  • IEEE Symposium on Security and Privacy - HDFI: Hardware-Assisted Data-Flow Isolation
    2016 IEEE Symposium on Security and Privacy (SP), 2016
    Co-Authors: Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung Paek
    Abstract:

    Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with an additional tag that is defined by data-flow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell--LaPadula Model. We implemented HDFI by extending the RISC-V instruction set architecture (ISA) and instantiating it on the Xilinx Zynq ZC706 evaluation board. We ran several benchmarks including the SPEC CINT 2000 benchmark suite. Evaluation results show that the performance overhead caused by our modification to the hardware is low (< 2%). We also developed or ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, virtual function table protection, code pointer protection, kernel data protection, and information leak prevention. Our results show that HDFI is easy to use, imposes low performance overhead, and allows us to create more elegant and more secure solutions.