Presentation title
Enforcing Control-flow integrity in Virtualized environments on ARM platforms
Authors
Gabriele Serra, Pietro Fara, Giorgiomaria Cicero and Alessandro Biondi
Institution(s)
Scuola Superiore Sant'Anna
Presentation type
Presentation of a research group from one or more scientific institutions
Abstract
Virtualization is becoming a key technology for embedded system designs, especially for applications with mixed-criticality and security levels. Consequently, safety-critical OSes are more susceptible to the most common malicious cyber-attacks, such as code-reuse attacks (CRA) or return-oriented programming (ROP). The control-flow integrity (CFI) technique is one of the most efficient ways to counteract this kind of attack. CFI is undoubtedly a powerful technique but scarcely applicable in real cases, especially because of the overhead introduced to ensure complete graph enforcement. Our work focuses on exploiting the hardware mechanisms offered by ARM processors, called pointer authentication (PA) and branch-target identification, to realize a robust CFI enforcement providing a hypervisor-centric attack-detection and recovery strategy. We counteracted all the weaknesses found, taking advantage of a type-1 hypervisor named Clare developed at our laboratory. Furthermore, we realized an emulation of the PA mechanism through both a full-software approach and a hybrid software-hardware approach employing an FPGA. Our current investigations focus on improving the protection model to reduce the total overhead.