Integration of ROP/JOP monitoring IPs in an ARM-based SoC

Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug i...

Full description

Saved in:
Bibliographic Details
Main Authors: Lee, Yongje, Lee, Jinyong, Heo, Ingoo, Hwang, Dongil, Paek, Yunheung
Format: Conference Proceeding
Language:English
Subjects:
Binary codes
Computer architecture
Debugging
Design engineering
Hardware
Mathematical models
Mobile handsets
Monitoring
Monitors
Programming
Reuse
Run time (computers)
Runtime
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 336
container_issue
container_start_page 331
container_title
container_volume
creator Lee, Yongje
Lee, Jinyong
Heo, Ingoo
Hwang, Dongil
Paek, Yunheung
description Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug interface to acquire the control flow information of an application running on the host. However, it requires tremendous storage space to store the complementary data necessary to trace the execution flow. In this paper, we propose a new hardware CRA monitor which gives both low storage overhead and high performance. For this, we have used an instrumentation technique which transforms the original ARM binary code into a form which will ease the CRA monitor to efficiently extract through the debug interface all crucial pieces of runtime information from the trace outcomes. In addition, while the previous solution was only built to detect one type of CRAs, called return-oriented programming (ROP), ours has been designed to unify the detection logics for ROP and another important type of CRAs, called jump-oriented programming (JOP). Empirical results show that our solution dramatically reduces the storage overhead for CRA detection, yet successfully detecting both ROP and JOP attacks simultaneously with negligibly low runtime overhead and moderate area overhead.
format conference_proceeding
fullrecord <record><control><sourceid>proquest_CHZPO</sourceid><recordid>TN_cdi_proquest_miscellaneous_1816077078</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7459332</ieee_id><sourcerecordid>1816077078</sourcerecordid><originalsourceid>FETCH-LOGICAL-i138t-ed328b0eae64682267c14f8ff9b725c55d01d025ac60aa66287e972c529622463</originalsourceid><addsrcrecordid>eNotj7tOwzAUQA0SEqX0C1g8skTY1_FrrCoeQUWJCsyRk9xURold4nTg76nUTmc5OtK5IiurjbCGS6GZttdkwaU0GeeM35K7lH4YY1KAXRBbhBn3k5t9DDT2dFdWT-9lRccY_BwnH_a0qBL1gbpA17uPrHEJO_oZN_fkpndDwtWFS_L98vy1ecu25WuxWW8zz4WZM-wEmIahQ5UrA6B0y_Pe9L1tNMhWyo7xjoF0rWLOKQVGo9XQSrAKIFdiSR7P3cMUf4-Y5nr0qcVhcAHjMdXccMX0adOc1Iez6hGxPkx-dNNfrXNphQDxD-SKTIE</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype><pqid>1816077078</pqid></control><display><type>conference_proceeding</type><title>Integration of ROP/JOP monitoring IPs in an ARM-based SoC</title><source>IEEE Xplore All Conference Series</source><creator>Lee, Yongje ; Lee, Jinyong ; Heo, Ingoo ; Hwang, Dongil ; Paek, Yunheung</creator><creatorcontrib>Lee, Yongje ; Lee, Jinyong ; Heo, Ingoo ; Hwang, Dongil ; Paek, Yunheung</creatorcontrib><description>Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug interface to acquire the control flow information of an application running on the host. However, it requires tremendous storage space to store the complementary data necessary to trace the execution flow. In this paper, we propose a new hardware CRA monitor which gives both low storage overhead and high performance. For this, we have used an instrumentation technique which transforms the original ARM binary code into a form which will ease the CRA monitor to efficiently extract through the debug interface all crucial pieces of runtime information from the trace outcomes. In addition, while the previous solution was only built to detect one type of CRAs, called return-oriented programming (ROP), ours has been designed to unify the detection logics for ROP and another important type of CRAs, called jump-oriented programming (JOP). Empirical results show that our solution dramatically reduces the storage overhead for CRA detection, yet successfully detecting both ROP and JOP attacks simultaneously with negligibly low runtime overhead and moderate area overhead.</description><identifier>EISSN: 1558-1101</identifier><identifier>EISBN: 9783981537079</identifier><identifier>EISBN: 3981537076</identifier><language>eng</language><publisher>EDAA</publisher><subject>Binary codes ; Computer architecture ; Debugging ; Design engineering ; Hardware ; Mathematical models ; Mobile handsets ; Monitoring ; Monitors ; Programming ; Reuse ; Run time (computers) ; Runtime</subject><ispartof>2016 Design, Automation &amp; Test in Europe Conference &amp; Exhibition (DATE), 2016, p.331-336</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7459332$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,314,780,784,789,790,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7459332$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Lee, Yongje</creatorcontrib><creatorcontrib>Lee, Jinyong</creatorcontrib><creatorcontrib>Heo, Ingoo</creatorcontrib><creatorcontrib>Hwang, Dongil</creatorcontrib><creatorcontrib>Paek, Yunheung</creatorcontrib><title>Integration of ROP/JOP monitoring IPs in an ARM-based SoC</title><title>2016 Design, Automation &amp; Test in Europe Conference &amp; Exhibition (DATE)</title><addtitle>DATE</addtitle><description>Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug interface to acquire the control flow information of an application running on the host. However, it requires tremendous storage space to store the complementary data necessary to trace the execution flow. In this paper, we propose a new hardware CRA monitor which gives both low storage overhead and high performance. For this, we have used an instrumentation technique which transforms the original ARM binary code into a form which will ease the CRA monitor to efficiently extract through the debug interface all crucial pieces of runtime information from the trace outcomes. In addition, while the previous solution was only built to detect one type of CRAs, called return-oriented programming (ROP), ours has been designed to unify the detection logics for ROP and another important type of CRAs, called jump-oriented programming (JOP). Empirical results show that our solution dramatically reduces the storage overhead for CRA detection, yet successfully detecting both ROP and JOP attacks simultaneously with negligibly low runtime overhead and moderate area overhead.</description><subject>Binary codes</subject><subject>Computer architecture</subject><subject>Debugging</subject><subject>Design engineering</subject><subject>Hardware</subject><subject>Mathematical models</subject><subject>Mobile handsets</subject><subject>Monitoring</subject><subject>Monitors</subject><subject>Programming</subject><subject>Reuse</subject><subject>Run time (computers)</subject><subject>Runtime</subject><issn>1558-1101</issn><isbn>9783981537079</isbn><isbn>3981537076</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2016</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotj7tOwzAUQA0SEqX0C1g8skTY1_FrrCoeQUWJCsyRk9xURold4nTg76nUTmc5OtK5IiurjbCGS6GZttdkwaU0GeeM35K7lH4YY1KAXRBbhBn3k5t9DDT2dFdWT-9lRccY_BwnH_a0qBL1gbpA17uPrHEJO_oZN_fkpndDwtWFS_L98vy1ecu25WuxWW8zz4WZM-wEmIahQ5UrA6B0y_Pe9L1tNMhWyo7xjoF0rWLOKQVGo9XQSrAKIFdiSR7P3cMUf4-Y5nr0qcVhcAHjMdXccMX0adOc1Iez6hGxPkx-dNNfrXNphQDxD-SKTIE</recordid><startdate>20160301</startdate><enddate>20160301</enddate><creator>Lee, Yongje</creator><creator>Lee, Jinyong</creator><creator>Heo, Ingoo</creator><creator>Hwang, Dongil</creator><creator>Paek, Yunheung</creator><general>EDAA</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope><scope>7SC</scope><scope>7TB</scope><scope>8FD</scope><scope>FR3</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20160301</creationdate><title>Integration of ROP/JOP monitoring IPs in an ARM-based SoC</title><author>Lee, Yongje ; Lee, Jinyong ; Heo, Ingoo ; Hwang, Dongil ; Paek, Yunheung</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i138t-ed328b0eae64682267c14f8ff9b725c55d01d025ac60aa66287e972c529622463</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Binary codes</topic><topic>Computer architecture</topic><topic>Debugging</topic><topic>Design engineering</topic><topic>Hardware</topic><topic>Mathematical models</topic><topic>Mobile handsets</topic><topic>Monitoring</topic><topic>Monitors</topic><topic>Programming</topic><topic>Reuse</topic><topic>Run time (computers)</topic><topic>Runtime</topic><toplevel>online_resources</toplevel><creatorcontrib>Lee, Yongje</creatorcontrib><creatorcontrib>Lee, Jinyong</creatorcontrib><creatorcontrib>Heo, Ingoo</creatorcontrib><creatorcontrib>Hwang, Dongil</creatorcontrib><creatorcontrib>Paek, Yunheung</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection><collection>Computer and Information Systems Abstracts</collection><collection>Mechanical &amp; Transportation Engineering Abstracts</collection><collection>Technology Research Database</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Lee, Yongje</au><au>Lee, Jinyong</au><au>Heo, Ingoo</au><au>Hwang, Dongil</au><au>Paek, Yunheung</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Integration of ROP/JOP monitoring IPs in an ARM-based SoC</atitle><btitle>2016 Design, Automation &amp; Test in Europe Conference &amp; Exhibition (DATE)</btitle><stitle>DATE</stitle><date>2016-03-01</date><risdate>2016</risdate><spage>331</spage><epage>336</epage><pages>331-336</pages><eissn>1558-1101</eissn><eisbn>9783981537079</eisbn><eisbn>3981537076</eisbn><abstract>Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug interface to acquire the control flow information of an application running on the host. However, it requires tremendous storage space to store the complementary data necessary to trace the execution flow. In this paper, we propose a new hardware CRA monitor which gives both low storage overhead and high performance. For this, we have used an instrumentation technique which transforms the original ARM binary code into a form which will ease the CRA monitor to efficiently extract through the debug interface all crucial pieces of runtime information from the trace outcomes. In addition, while the previous solution was only built to detect one type of CRAs, called return-oriented programming (ROP), ours has been designed to unify the detection logics for ROP and another important type of CRAs, called jump-oriented programming (JOP). Empirical results show that our solution dramatically reduces the storage overhead for CRA detection, yet successfully detecting both ROP and JOP attacks simultaneously with negligibly low runtime overhead and moderate area overhead.</abstract><pub>EDAA</pub><tpages>6</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 1558-1101
ispartof 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2016, p.331-336
issn 1558-1101
language eng
recordid cdi_proquest_miscellaneous_1816077078
source IEEE Xplore All Conference Series
subjects Binary codes
Computer architecture
Debugging
Design engineering
Hardware
Mathematical models
Mobile handsets
Monitoring
Monitors
Programming
Reuse
Run time (computers)
Runtime
title Integration of ROP/JOP monitoring IPs in an ARM-based SoC
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T00%3A54%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Integration%20of%20ROP/JOP%20monitoring%20IPs%20in%20an%20ARM-based%20SoC&rft.btitle=2016%20Design,%20Automation%20&%20Test%20in%20Europe%20Conference%20&%20Exhibition%20(DATE)&rft.au=Lee,%20Yongje&rft.date=2016-03-01&rft.spage=331&rft.epage=336&rft.pages=331-336&rft.eissn=1558-1101&rft_id=info:doi/&rft.eisbn=9783981537079&rft.eisbn_list=3981537076&rft_dat=%3Cproquest_CHZPO%3E1816077078%3C/proquest_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i138t-ed328b0eae64682267c14f8ff9b725c55d01d025ac60aa66287e972c529622463%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1816077078&rft_id=info:pmid/&rft_ieee_id=7459332&rfr_iscdi=true