ShadowStack: A new approach for secure program execution

In recent years, computer systems belonging to large companies and governments, as well as personal computers, have faced an increasing wave of attacks that disrupt their normal operation or leak sensitive data, resulting in loss of privacy, financial damage and harm to national security. In this context, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible way to protect computer systems by thwarting various attacks. This paper presents ShadowStack, a new dynamic integrity checking technique based on a watchdog implemented in hardware. The watchdog observes specific instructions as they pass through the processor pipeline and compares them against reference values generated at runtime; when it detects an attempted intrusion, the pipeline is stalled and the offending instructions are flushed from the pipe so that they never commit. The attack considered is the stack-smashing buffer overflow, by far the most common type found in the literature. Experimental results obtained through simulation demonstrate the technique's effectiveness and quantify the overheads incurred by the proposed approach.
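As an added illustration of the mechanism the abstract describes (this is a software model written for this page, not the paper's hardware design or code), the following C program simulates a tiny pipeline with a shadow-stack watchdog. Each CALL saves the return address both on the architectural stack in modeled memory, where an overflowing buffer can reach it, and on a shadow stack that program code cannot address; each RET is allowed to commit only if the address read from memory matches the shadow copy, otherwise the watchdog stalls and the instruction is refused. The instruction set, the word-addressed memory layout, the fixed 4-byte instruction size, the shadow depth and both traces are constructed assumptions of the model, not details taken from the paper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of a hardware shadow-stack watchdog (illustrative only).
 * Memory is word-addressed and the program stack grows downward. */

#define MEM_WORDS    64     /* words of modeled data memory (assumed) */
#define SHADOW_DEPTH 16     /* entries in the hardware shadow stack (assumed) */
#define INSN_BYTES   4      /* fixed instruction size, so return address = pc + 4 */

typedef enum { OP_CALL, OP_RET, OP_STORE } op_t;

typedef struct {
    op_t     op;
    uint32_t target;   /* CALL: callee pc */
    uint32_t addr;     /* STORE: word index into mem */
    uint32_t value;    /* STORE: value written */
} insn_t;

typedef struct {
    uint32_t pc;
    uint32_t sp;                    /* word index of the top of the program stack */
    uint32_t mem[MEM_WORDS];        /* modeled data memory; the program stack lives here */
    uint32_t shadow[SHADOW_DEPTH];  /* runtime reference values, not addressable by code */
    int      shadow_top;
    int      stalled;               /* set once the watchdog has flushed the pipeline */
    uint32_t expected, observed;    /* recorded at detection time for diagnostics */
} cpu_t;

void cpu_init(cpu_t *c)
{
    memset(c, 0, sizeof *c);
    c->sp = MEM_WORDS;   /* empty stack: sp points one past the last word */
    c->pc = 0x1000;
}

/* Execute one instruction. Returns 1 if it commits, 0 if the watchdog stalls it. */
int cpu_step(cpu_t *c, const insn_t *in)
{
    if (c->stalled) return 0;   /* nothing commits after a detected intrusion */
    switch (in->op) {
    case OP_CALL:
        /* A full shadow stack is treated as a fault here; real designs must spill it. */
        if (c->shadow_top == SHADOW_DEPTH || c->sp == 0) { c->stalled = 1; return 0; }
        c->mem[--c->sp] = c->pc + INSN_BYTES;              /* architectural save */
        c->shadow[c->shadow_top++] = c->pc + INSN_BYTES;   /* watchdog reference copy */
        c->pc = in->target;
        return 1;
    case OP_STORE:
        /* Ordinary data write; an overflowing buffer reaches the saved return address this way. */
        if (in->addr >= MEM_WORDS) { c->stalled = 1; return 0; }
        c->mem[in->addr] = in->value;
        c->pc += INSN_BYTES;
        return 1;
    case OP_RET:
        if (c->shadow_top == 0 || c->sp == MEM_WORDS) { c->stalled = 1; return 0; }
        c->observed = c->mem[c->sp];
        c->expected = c->shadow[c->shadow_top - 1];
        if (c->observed != c->expected) {   /* tampered return address: stall, flush, no commit */
            c->stalled = 1;
            return 0;
        }
        c->shadow_top--;
        c->sp++;
        c->pc = c->observed;
        return 1;
    }
    return 0;
}

/* Run a trace; return the index of the first instruction the watchdog refused, or -1. */
int run_trace(cpu_t *c, const insn_t *trace, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!cpu_step(c, &trace[i])) return (int)i;
    return -1;
}

cpu_t g_cpu;   /* state left by the last demo run, kept global so callers can inspect it */

/* Constructed benign trace: nested calls plus a write to a local buffer below the saved addresses. */
int demo_benign(void)
{
    static const insn_t t[] = {
        { OP_CALL,  0x2000, 0, 0 },
        { OP_CALL,  0x3000, 0, 0 },
        { OP_STORE, 0, 60, 0x41414141 },  /* local buffer word, below both saved addresses */
        { OP_RET,   0, 0, 0 },
        { OP_RET,   0, 0, 0 },
    };
    cpu_init(&g_cpu);
    return run_trace(&g_cpu, t, sizeof t / sizeof t[0]);
}

/* Constructed attack trace: a two-word buffer at words 61..62 is overflowed into the saved
 * return address at word 63, then the function tries to return to attacker-chosen data. */
int demo_attack(void)
{
    static const insn_t t[] = {
        { OP_CALL,  0x2000, 0, 0 },
        { OP_STORE, 0, 61, 0x41414141 },  /* buffer[0] */
        { OP_STORE, 0, 62, 0x41414141 },  /* buffer[1] */
        { OP_STORE, 0, 63, 0x41414141 },  /* one word past the buffer: the saved return address */
        { OP_RET,   0, 0, 0 },            /* mem[63] != shadow copy -> watchdog stalls and flushes */
    };
    cpu_init(&g_cpu);
    return run_trace(&g_cpu, t, sizeof t / sizeof t[0]);
}

int main(void)
{
    int b = demo_benign();
    printf("benign trace: stalled at %d, final pc=0x%x\n", b, g_cpu.pc);
    int a = demo_attack();
    printf("attack trace: stalled at %d, expected=0x%x observed=0x%x\n",
           a, g_cpu.expected, g_cpu.observed);
    return 0;
}
```

Two caveats a practitioner would check against any such design: the shadow stack is finite, so recursion deeper than its capacity needs a spill path to protected memory (the model above simply faults), and the comparison guards only the saved return address, so the stack-smashing case the abstract targets is covered while other corrupted control data on the stack is not.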
