Reconfigurable Dynamic Trusted Platform Module for Control Flow Checking

Authors: Sanjeev Das, Wei Zhang, Yang Liu

DOI: 10.1109/ISVLSI.2014.84

Keywords: Instruction set, Computer science, Hardware security module, Source code, Software, Code reuse, Trusted Platform Module, Operating system, Buffer overflow, Embedded system, Stack buffer overflow

Abstract: Trusted Platform Module (TPM) has gained its popularity in computing systems as a hardware security approach. TPM provides the boot time security by verifying the platform integrity including hardware and software. However, once the software is loaded, TPM can no longer protect the software execution. In this work, we propose a dynamic TPM design, which performs control flow checking to protect the program from runtime attacks. The control flow checker is integrated at the commit stage of the processor pipeline. The control flow of the program is verified to defend against attacks such as stack smashing using buffer overflow and code reuse. We implement the proposed dynamic TPM design in FPGA to achieve high performance, low cost and flexibility for easy functionality upgrade based on FPGA. In our design, neither the source code nor the Instruction Set Architecture (ISA) needs to be changed. The benchmark simulations demonstrate less than 1% performance penalty on the processor, and an effective protection
