With the growing demand for embedded systems, from home appliances to industrial usage, security is a significant challenge. Return-oriented programming (ROP) and Code reuse attacks are among the most dangerous attacks. They aim to hijack the control flow program to bypass system restrictions and/or execute malicious code. Stack canary is a well-known defense mechanism against these types of attacks. Generally, they employ a secret value to sit in the memory right before a specific location of the memory that is about to be protected. The security of such a system relies on keeping the canary value secret. However, for a single, unaltered key, it is difficult to guarantee secrecy. On the other hand, having limited processing capabilities and restricted resources presupposes embedded designers. Security is critical for many real-time applications (like industrial IoT devices), and any protection must comply with the processor speed and memory capacity. This paper proposes a lightweight hardware extension to protect the memory against ROP attacks. The proposed method is a canary-based technique that utilizes Physical Unclonable Functions (PUF) to generate dynamic, unpredictable values. The canary generator security module works in parallel with the processor to avoid any extra performance overhead. In general, our technique is independent of system architecture and even supports processors with multi-execution units.

A Secure Canary-Based Hardware Approach Against ROP / Sadeghipourrudsari, Mahboobe; Prinetto, Paolo; Nouri, Ebrahim; Sheikhshoaei, Fatemeh; Navabi, Zainalabedin. - 6:(2022). ((Intervento presentato al convegno ITASEC'22: Italian Conference on Cybersecurity tenutosi a Rome, Italy nel June 20--23, 2022.

A Secure Canary-Based Hardware Approach Against ROP

SadeghipourRudsari, Mahboobe;Prinetto, Paolo;
2022

Abstract

With the growing demand for embedded systems, from home appliances to industrial usage, security is a significant challenge. Return-oriented programming (ROP) and Code reuse attacks are among the most dangerous attacks. They aim to hijack the control flow program to bypass system restrictions and/or execute malicious code. Stack canary is a well-known defense mechanism against these types of attacks. Generally, they employ a secret value to sit in the memory right before a specific location of the memory that is about to be protected. The security of such a system relies on keeping the canary value secret. However, for a single, unaltered key, it is difficult to guarantee secrecy. On the other hand, having limited processing capabilities and restricted resources presupposes embedded designers. Security is critical for many real-time applications (like industrial IoT devices), and any protection must comply with the processor speed and memory capacity. This paper proposes a lightweight hardware extension to protect the memory against ROP attacks. The proposed method is a canary-based technique that utilizes Physical Unclonable Functions (PUF) to generate dynamic, unpredictable values. The canary generator security module works in parallel with the processor to avoid any extra performance overhead. In general, our technique is independent of system architecture and even supports processors with multi-execution units.
File in questo prodotto:
File Dimensione Formato  
ITASEC2022.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: Creative commons
Dimensione 386.55 kB
Formato Adobe PDF
386.55 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2970910