Practical Software-Based Shadow Stacks on x86-64-Reference-Cited by-同舟云学术

Practical Software-Based Shadow Stacks on x86-64

Published:2022-10-07 Issue:4 Volume:19 Page:1-26
ISSN:1544-3566
Container-title:ACM Transactions on Architecture and Code Optimization
language:en
Short-container-title:ACM Trans. Archit. Code Optim.

Author:

Zou Changwei¹^ORCID,Gao Yaoqing²^ORCID,Xue Jingling³^ORCID

Affiliation:

1. UNSW Sydney Macau University of Science and Technology, Macau, China

2. Huawei Toronto Research Center, Markham, ON, Canada

3. UNSW Sydney, NSW, Australia

Abstract

Control-Flow Integrity (CFI) techniques focus often on protecting forward edges and assume that backward edges are protected by shadow stacks. However, software-based shadow stacks that can provide performance, security, and compatibility are still hard to obtain, leaving an important security gap on x86-64. In this article, we introduce a simple, efficient, and effective parallel shadow stack design (based on LLVM), FlashStack , for protecting return addresses in single- and multi-threaded programs running under 64-bit Linux on x86-64, with three distinctive features. First, we introduce a novel dual-prologue approach to enable a protected function to thwart the TOCTTOU attacks, which are constructed by Microsoft’s red team and lead to the deprecation of Microsoft’s RFG. Second, we design a new mapping mechanism, Segment+Rsp-S , to allow the parallel shadow stack to be accessed efficiently while satisfying the constraints of arch_prctl() and ASLR in 64-bit Linux. Finally, we introduce a lightweight inspection mechanism, SideChannel-K , to harden FlashStack further by detecting entropy-reduction attacks efficiently and protecting the parallel shadow stack effectively with a 10-ms shuffling policy. Our evaluation on SPEC CPU2006 , Nginx, and Firefox shows that FlashStack can provide high performance, meaningful security, and reasonable compatibility for server- and client-side programs on x86-64.

Funder

Australian Research Council

UNSW-Huawei

Publisher

Association for Computing Machinery (ACM)

Subject

Hardware and Architecture,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3556977

Reference77 articles.

1. Microsoft Security Response Center. 2018. The Evolution of CFI Attacks and Defenses. Retrieved July 18 2022 from https://github.com/microsoft/MSRC-Security-Research/tree/master/presentations/2018_02_OffensiveCon.

2. Wikipedia. 2020. Tiger Lake. Retrieved July 18 2022 from https://en.wikipedia.org/wiki/Tiger_Lake_(microprocessor).

3. The PaX Team. 2001. Address Space Layout Randomization. Retrieved July 18 2022 from https://pax.grsecurity.net/docs/aslr.txt.

4. How to Make ASLR Win the Clone Wars: Runtime Re-Randomization

5. David Williams-King, Graham Gobieski, Kent Williams-King, James P. Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P. Kemerlis, Junfeng Yang, and William Aiello. 2016. Shuffler: Fast and deployable continuous code re-randomization. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation. 367–382.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. VMCanary: Effective Memory Protection for WebAssembly via Virtual Machine-assisted Approach;2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS);2023-10-22

2. Thread-Level Attack-Surface Reduction;Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems;2023-06-13

3. Stack Data Protection Mechanism for LLVM Intermediate Representation;2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE);2023-04-14