Dissertation Details
Leveraging Processor Features for System Security
Aweke, Zelalem Birhanu; Kasikci, Baris Can Cengiz
University of Michigan
Keywords: System Security; Hardware Performance Counters; Software Bugs; Hardware Bugs; Rowhammer; Memory Safety; Computer Science; Engineering; Computer Science & Engineering
Others  :  https://deepblue.lib.umich.edu/bitstream/handle/2027.42/149852/zaweke_1.pdf?sequence=1&isAllowed=y
Switzerland | English
Source: The Illinois Digital Environment for Access to Learning and Scholarship
【 Abstract 】

Errors in hardware and software lead to vulnerabilities that can be exploited by attackers. Proposed exploit mitigation techniques can be broadly categorized into two: software-only techniques and techniques that propose specialized hardware extensions. Software-only techniques can be implemented on existing hardware, but typically suffer from impractically high overheads. On the other hand, specialized hardware extensions, while improving performance, in practice require a long time to be incorporated into production hardware. In this dissertation, we propose adapting existing processor features to provide novel and low-overhead security solutions.

In the first part of the dissertation, we show how modern hardware features can be used to provide efficient memory safety. One component of memory safety that has become important in recent years is temporal memory safety. Temporal memory safety techniques are used to detect memory errors such as use-after-free errors. This dissertation proposes a temporal memory safety technique that takes advantage of pointer authentication hardware to significantly reduce the memory and runtime overhead of traditional temporal safety techniques. Providing complete memory safety on resource constrained devices is expensive, therefore we propose software-based fault isolation (sandboxing) as an efficient alternative to constrain attackers’ access to code and data in embedded systems. We show how we can use the memory protection unit (MPU) hardware available in many embedded devices along with a small trusted runtime to build a low-overhead sandboxing mechanism.

In the second part of the dissertation, we show how hardware performance counters in modern processors can be used to detect rowhammer attacks. Our technique detects rowhammer attacks by monitoring for high locality memory accesses out of the last-level cache using hardware performance counters. The technique accurately detects rowhammer attacks with a low performance overhead and without requiring hardware modifications.

【 Preview 】
Attachment list
Files | Size | Format | View
Leveraging Processor Features for System Security | 4046KB | PDF | download