A Memory-Access Validation Scheme against Payload Injection Attacks

Author

Dongkyun Ahn ; Gyungho Lee

Author_Institution

Intel Corp, Santa Clara, CA, USA

Volume

12

Issue

4

fYear

2015

fDate

July-Aug. 1 2015

Firstpage

387

Lastpage

399

Abstract

The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attack. In spite of the various forms of protection against malicious attacks exploiting spurious data, adversaries have been successful in circumventing such protection. This paper proposes a memory-access validation scheme that manages information on spurious data at the granularity of the cache line size. A validation unit based on the proposed scheme answers queries from other components in the processor so that spurious data can be blocked before control flow diversion. We describe the design of this validation unit as well as its integration into the memory hierarchy of a modern processor and assess its memory requirement and performance impact with two simulators. The experimental results show that our scheme is able to detect synthesized payload injection attacks and to manage taint information with a moderate memory overhead under an acceptable performance impact.

Keywords

cache storage; data protection; query processing; virtual storage; cache line size granularity; control flow diversion; data piece authenticity; information management; malicious attacks; memory hierarchy integration; memory overhead; memory-access validation scheme; processor; query answering scheme; software attack; spurious data protection; synthesized payload injection attack detection; virtual memory; Arrays; Kernel; Memory management; Payloads; Registers; Runtime; Virtual memory; security;

fLanguage

English

Journal_Title

Dependable and Secure Computing, IEEE Transactions on

Publisher

ieee

ISSN

1545-5971

Type

jour

DOI

10.1109/TDSC.2014.2355844

Filename

6894165