17th INTERNATIONAL FORUM ON MPSoC
for software-defined hardware
Institute of Information Engineering, Chinese Academy of Sciences, China
RAGuard: A Hardware Based Mechanism for Backward-Edge Control-Flow Integrity
Control-flow integrity (CFI) is considered a general and promising method to prevent code-reuse attacks, which utilize benign code sequences to realize arbitrary computation. Current approaches can efficiently protect control-flow transfers caused by indirect jumps and function calls (forward-edge CFI). However, they cannot effectively protect control flow caused by function returns (backward-edge CFI). The reason is that the set of return addresses of the functions that are frequently called can be very large, which might bend the backward-edge CFI. We address this backward-edge CFI problem by proposing a novel hardware-assisted mechanism (RAGuard) that binds a message authentication code to each return address and enhances security via a physical unclonable function and a hardware hash function. The message authentication codes can be stored on the program stack with the return address. RAGuard hardware automatically verifies the integrity of return addresses. Our experiments show that for a subset of the SPEC CPU2006 benchmarks, RAGuard incurs 1.86% runtime overhead on average with no need for OS support.
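The following software model of the scheme in the abstract is an added example, not code from RAGuard or from the talk: each pushed return address carries a keyed MAC that is recomputed and compared on return. The key constant, the toy mixing function, the addresses, and the choice to also bind the MAC to the stack slot are assumptions of this sketch; in the described design the key comes from a physical unclonable function and the hash is computed in hardware.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
/* Constructed stand-in for the PUF-derived key (assumption; real hardware never exposes it). */
static const uint64_t PUF_KEY = 0x9e3779b97f4a7c15ULL;

/* One modeled stack entry: the return address with its MAC stored beside it. */
struct frame { uint64_t ret; uint64_t mac; };
static struct frame stack[DEPTH];
static int sp = 0;

/* Toy keyed mixer standing in for the hardware hash; NOT cryptographically secure. */
static uint64_t toy_mac(uint64_t key, uint64_t ret, uint64_t slot) {
    uint64_t x = key ^ ret ^ (slot * 0xff51afd7ed558ccdULL);
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    x ^= x >> 29; x *= (key | 1);
    return x ^ (x >> 32);
}

/* Model of a call: push the return address and its MAC. Returns -1 if the model stack is full. */
static int model_call(uint64_t ret) {
    if (sp >= DEPTH) return -1;
    stack[sp].ret = ret;
    stack[sp].mac = toy_mac(PUF_KEY, ret, (uint64_t)sp);
    sp++;
    return 0;
}

/* Model of a return: recompute the MAC and compare before using the address. */
static int model_ret(uint64_t *target) {
    if (sp <= 0) return -1;
    sp--;
    if (toy_mac(PUF_KEY, stack[sp].ret, (uint64_t)sp) != stack[sp].mac)
        return -1;                      /* integrity fault: do not return */
    *target = stack[sp].ret;
    return 0;
}

/* Two nested calls, then the inner frame is optionally corrupted before the return. */
enum tamper { TAMPER_NONE, TAMPER_OVERWRITE_ADDR, TAMPER_REPLAY_PAIR };
static int run_scenario(enum tamper t) {
    uint64_t target = 0;
    sp = 0;
    model_call(0x401000);               /* constructed return addresses */
    model_call(0x402000);
    if (t == TAMPER_OVERWRITE_ADDR) stack[1].ret = 0x40beef;  /* address changed, MAC stale */
    if (t == TAMPER_REPLAY_PAIR)    stack[1] = stack[0];      /* valid pair from another slot */
    if (model_ret(&target) != 0) return -1;
    return target == 0x402000 ? 0 : -1;
}
```

`run_scenario` returns 0 when the return is allowed and -1 when the check faults; the replayed pair is rejected only because this sketch includes the slot index in the MAC input.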
Rui Hou is a professor at the Institute of Information Engineering, Chinese Academy of Sciences. His major research interests include data center server architecture, processor design, and hardware security. He has been honored as one of the Outstanding Young Scholars of the National Science Foundation, China. Dr. Rui Hou received his BS and MS degrees from Harbin Institute of Technology, and his PhD degree from the Institute of Computing, Chinese Academy of Sciences. Before his current position, he worked at IBM China Research from 2007 to 2011. He has published over 30 papers in international conferences and journals, and has obtained more than 50 patents.