A Memory-Access Validation Scheme against Payload Injection Attacks

Dongkyun Ahn, Kyung Ho Lee

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attack. In spite of the various forms of protection against malicious attacks exploiting spurious data, adversaries have been successful in circumventing such protection. This paper proposes a memory-access validation scheme that manages information on spurious data at the granularity of the cache line size. A validation unit based on the proposed scheme answers queries from other components in the processor so that spurious data can be blocked before control flow diversion. We describe the design of this validation unit as well as its integration into the memory hierarchy of a modern processor and assess its memory requirement and performance impact with two simulators. The experimental results show that our scheme is able to detect synthesized payload injection attacks and to manage taint information with a moderate memory overhead under an acceptable performance impact.

Original languageEnglish
Article number6894165
Pages (from-to)367-399
Number of pages33
JournalIEEE Transactions on Dependable and Secure Computing
Volume12
Issue number4
DOIs
Publication statusPublished - 2015 Jul 1

    Fingerprint

Keywords

  • security
  • Virtual memory

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this