Abstract
In recent years many security attacks occur when malicious codes abuse in-process memory resources. Due to the increasing complexity, an application program may call third-party code which cannot be controlled by programmers but may contain security vulnerabilities. As a result, the users have the risk of suffering information leakage and control flow hijacking. However, current solutions like Intel memory protection extensions (MPX) severely degrade performance, while other approaches like Intel memory protection keys (MPK) lack flexibility in dividing security domains. In this paper, we propose IMPULP, an effective and efficient hardware approach for in-process memory protection. The rationale of IMPULP is user-level partitioning that user code segments are divided into different security domains according to their instruction addresses, and accessible memory spaces are specified dynamically for each domain via a set of boundary registers. Each instruction related to memory access will be checked according to its security domain and the corresponding boundaries, and illegal in-process memory access of untrusted code segments will be prevented. IMPULP can be leveraged to prevent a wide range of in-process memory abuse attacks, such as buffer overflows and memory leakages. For verification, an FPGA prototype based on RISC-V instruction set architecture has been developed. We present eight tests to verify the effectiveness of IMPULP, including five memory protection function tests, a test to defense typical buffer overflow, a test to defense famous memory leakage attack named Heartbleed, and a test for security benchmark. We execute the SPEC CPU2006 benchmark programs to evaluate the efficiency of IMPULP. The performance overhead of IMPULP is less than 0.2% runtime on average, which is negligible. Moreover, the resource overhead is less than 5.5% for hardware modification of IMPULP.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Jacomme C, Kremer S, Scerri G. Symbolic models for isolated execution environments. In Proc. the 2007 IEEE European Symposium on Security and Privacy, April 2017, pp.530-545.
Chen Y H, Reymondjohnson S, Sun Z, Lu L. Shreds: Fine-grained execution units with private memory. In Proc. the 2006 IEEE Symposium on Security and Privacy, May 2016, pp.56-71.
Kudo N, Yamauchi T, Austin T H. Access control for plugins in Cordova-based hybrid applications. In Proc. the 31st IEEE International Conference on Advanced Information Networking and Applications, March 2017, pp.1063-1069.
McCamant S, Morrisett G. Evaluating SFI for a CISC architecture. In Proc. the 15th USENIX Security Symposium, July 2006, Article No. 9.
Wahbe R, Lucco S, Anderson T E, Graham S L. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 1993, 27(5): 203-216.
Sehr D, Muth R, Biffle C, Khimenko V, Pasko E, Schimpf K, Yee B, Chen B. Adapting software fault isolation to contemporary CPU architectures. In Proc. the 19th USENIX Security Symposium, August 2010, pp.1-12.
Otterstad C W. A brief evaluation of Intel®MPX. In Proc. the 2015 Annual IEEE Systems Conference, April 2015, pp.1-7.
One Aleph. Smashing the stack for fun and profit. Phrack Magazine, 1996, 7(49): Article No. 14.
Schuster F, Tendyck T, Liebchen C, Davi L, Sadeghi A R, Holz T. Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In Proc. the 36th IEEE Symposium on Security and Privacy, May 2015, pp.745-762.
Shacham H. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proc. the 2007 ACM SIGSAC Conference on Computer and Communications Security, October 2007, pp.552-561.
Snow K Z, Monrose F, Davi L, Dmitrienko A, Liebchen C, Sadeghi A. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In Proc. the 34th IEEE Symposium on Security and Privacy, May 2013, pp.574-588.
Chen S, Xu J, Sezer E C. Non-control-data attacks are realistic threats. In Proc. the 14th USENIX Security Symposium, July 2005, Article No. 13.
Hu H, Chua Z L, Adrian S, Saxena P, Liang Z. Automatic generation of data-oriented exploits. In Proc. the 24th USENIX Security Symposium, August 2015, pp.177-192.
Hu H, Shinde S, Adrian S, Chua Z L, Saxena P, Liang Z. Data-oriented programming: On the expressiveness of non-control data attacks. In Proc. the 37th IEEE Symposium on Security and Privacy, May 2016, pp.969-986.
Roemer R, Buchanan E, Shacham H, Savage S. Return-oriented programming system, languages, and applications. ACM Transactions on Information and System Security, 2012, 15(1): Article No. 2.
Sadeghi A A, Niksefat S, Rostamipour M. Pure-call oriented programming (PCOP): Chaining the gadgets using call instructions. Journal of Computer Virology and Hacking Techniques, 2018, 14(2): 139-156.
Bletsch T, Jiang X, Freeh V, Liang Z. Jump oriented programming: A new class of code-reuse attack. In Proc. the 6th ACM Symposium on Information, Computer and Communications Security, March 2011, pp.30-40.
Lu K, Song C, Lee B, Chung S P, Lee W. ASLR-guard: Stopping address space leakage for code reuse attacks. In Proc. the 22nd ACM SIGSAC Conference on Computer and Communications Security, October 2015, pp.280-291.
Abadi M, Budiu M, Erlingsson U, Ligatti J. Control-flow integrity. In Proc. the 12th ACM SIGSAC Conference on Computer and Communications Security, November 2005, pp.340-353.
Kuznetsov V, Szekeres L, Payer M, Candea G, Sekar R, Song D. Code-pointer integrity. In Proc. the 11th USENIX Symposium on Operating Systems Design and Implementation, October 2014, pp.147-163.
Evans I, Fingeret S, Gonzalez J, Otgonbaatar U, Tang T, Shrobe H, Sidiroglou-Douskos S, Rinard M, Okhravi H. Missing the point(er): On the effectiveness of code pointer integrity. In Proc. the 36th IEEE Symposium on Security and Privacy, May 2015, pp.781-796.
Akritidis P, Cadar C, Raiciu C, Costa M, Castro M. Preventing memory error exploits with WIT. In Proc. the 29th IEEE Symposium on Security and Privacy, May 2008, pp.263-277.
Castro M, Costa M, Harris T. Securing software by enforcing data-flow integrity. In Proc. the 7th USENIX Symposium on Operating Systems Design and Implementation, November 2006, pp.147-160.
Frassetto T, Jauernig P, Liebchen C, Sadeghi A, Darmstadt T U. IMIX: In-process memory isolation eXtension. In Proc. the 27th USENIX Security Symposium, August 2018, pp.83-97.
Costan V, Devadas S. Intel SGX explained. IACR Cryptology ePrint Archive, 2016, 2016: Article No. 86.
Feustel E A. On the advantages of tagged architecture. IEEE Transactions on Computers, 1973, 22(7): 644-656.
Tsai T, Singh N. Libsafe: Transparent system-wide protection against buffer overflow attacks. In Proc. the 2002 International Conference on Dependable Systems and Networks, June 2002, Article No. 541.
Lin Z, Mao B, Xie L. LibsafeXP: A practical and transparent tool for run-time buffer overflow preventions. In Proc. the 7th Annual IEEE Information Assurance Workshop, June 2006, pp.332-339.
Dang T H Y, Maniatis P, Wagner D. The performance cost of shadow stacks and stack canaries. In Proc. the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, pp.555-566.
Belay A, Bittau A, Mashtizadeh A, Terei D, Mazières D, Kozyrakis C. Dune: Safe user-level access to privileged CPU features. In Proc. the 10th USENIX Symposium on Operating Systems Design and Implementation, October 2012, pp.335-348.
Chen Y, Reymondjohnson S, Sun Z, Lu L. Shreds: Fine-grained execution units with private memory. In Proc. the 2016 IEEE Symposium on Security and Privacy, May 2016, pp.56-71.
Zitser M, Lippmann R, Leek T. Testing static analysis tools using exploitable buffer overflows from open source code. In Proc. the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering, October 2004, pp.97-106.
Carlini N, Barresi A, Payer M, Wagner D, Gross T R. Control-flow bending: On the effectiveness of control-flow integrity. In Proc. the 24th USENIX Security Symposium, August 2015, pp.161-176.
Author information
Authors and Affiliations
Corresponding author
Electronic supplementary material
ESM 1
(PDF 227 kb)
Rights and permissions
About this article
Cite this article
Zhao, YY., Chen, MY., Liu, YH. et al. IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning. J. Comput. Sci. Technol. 35, 418–432 (2020). https://doi.org/10.1007/s11390-020-9703-2
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11390-020-9703-2