Hafix: Hardware-Assisted Flow Integrity Extension

Creator

Lucas Davi, Technische Universität Darmstadt
Matthias Hanreich, Technische Universität Darmstadt
Debayan Paul, Technische Universität Darmstadt
Ahmad Reza Sadeghi, Technische Universität Darmstadt
Patrick Koeberl, Intel Corporation

Abstract

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present H AFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). H AFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel® Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Publication Date

7-24-2015

Publication Title

Proceedings - Design Automation Conference

Volume

2015-July

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/2744769.2744847

Copyright Status

Unknown

Socpus ID

84944080766 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84944080766

STARS Citation

Davi, Lucas; Hanreich, Matthias; Paul, Debayan; Sadeghi, Ahmad Reza; and Koeberl, Patrick, "Hafix: Hardware-Assisted Flow Integrity Extension" (2015). Scopus Export 2015-2019. 1553.
https://stars.library.ucf.edu/scopus2015/1553