Abstract
While research into building robust and survivable networks has steadily intensified in recent years, similar efforts at the application level and below have focused primarily on attack discovery, ignoring the larger issue of how to gracefully recover from an intrusion at that level. Our work attempts to bridge this inherent gap between theory and practice through the introduction of a new architectural technique, which we call rollback and huddle. Inspired by concepts made popular in the world of software debug, we propose the inclusion of extra on-chip hardware for the efficient storage and tracing of execution contexts. Upon the detection of some software protection violation, the application is restarted at the last known safe checkpoint (the rollback part). During this deterministic replay, an additional hw/sw module is then loaded that can increase the level of system monitoring, log more detailed information about any future attack source, and potentially institute a live patch of the vulnerable part of the software executable (the huddle part). Our experimental results show that this approach could have a practical impact on modern computing system architectures, by allowing for the inclusion of low-overhead software security features while at the same time incorporating an ability to gracefully recover from attack.
Similar content being viewed by others
References
Abadi M, Budiu M, Erlingsson U, Ligatti J (2005) Control-flow integrity: Principles, implementations, and applications. In: Proceedings of the ACM conference on computer and communications security (CCS), pp 340–353
Bernstein DJ (2004) Unix security holes. Available at http://cr.yp.to/2004-494.html
Castro M, Costa M, Harris T (2006) Securing software by enforcing data-flow integrity. In: Proceedings of the workshop on architecture and system support for improving software dependability (ASID), pp 42–51
CERT (2004) US-CERT cyber security bulletin sb04-357. Available at http://www.us-cert.gov/cas/bulletins/SB04-357.html
Corliss M, Lewis EC, Roth A (2005) Using DISE to protect return addresses from attack. Comput Archit News 33(1):65–72
Cowan C, Pu C, Maier D, Hinton H, Walpole J, Bakke P, Beattie S, Grier A, Wagle P, Zhang Q (1998) Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the USENIX security symposium, pp 63–78
Cowan C, Beattie S, Johansen J, Wagle P (2003) Pointguard: Protecting pointers from buffer overflow vulnerabilities. In: Proceedings of the USENIX security symposium, pp 91–104
Crandall J, Wu SF, Chong F (2006) Minos: Architectural support for protecting control data. ACM Trans Archit Code Optim 3(4):359–389
de Oliveira DAS, Crandall JR, Wassermann G, Wu SF, Su Z, Chong FT (2006) Execrecorder: Vm-based full-system replay for attack analysis and system recovery. In: ASID ’06: Proceedings of the 1st workshop on architectural and system support for improving software dependability, pp 66–71
Dyer J, Lindemann M, Perez R, Sailer R, van Doorn L, Smith S, Weingart S (2001) Building the IBM 4758 secure coprocessor. Computer 34(10):57–66
Feng H, Kolesnikov O, Fogla P, Lee W, Gong W (2003) Anomaly detection using call stack information. In: Proceedings of the IEEE symposium on security and privacy, pp 62–75
Gao D, Reiter MK, Song D (2004) Gray-box extraction of execution graphs for anomaly detection. In: Proceedings of the ACM conference on computer and communications security (CCS), pp 318–329
Ghosh A, O’Connor T, McGraw G (1998) An automated approach for identifying potential vulnerabilities in software. In: Proceedings of the IEEE symposium on security and privacy, pp 104–114
Guthaus M, Ringenberg J, Ernst D, Austin T, Mudge T, Brown R (2001) MiBench: A free, commercially representative embedded benchmark suite. In: Proceedings of the international workshop on workload characterization (WWC), pp 3–14
Kiriansky VL (2003) Secure execution environment via program shepherding. Master’s thesis, Massachusetts Institute of Technology
Lie D, Thekkath C, Mitchell M, Lincoln P, Boneh D, Mitchell J, Horowitz M (2000) Architectural support for copy and tamper resistant software. In: Proceedings of the 9th international conference on architectural support for programming languages and operating systems (ASPLOS-IX), pp 168–177
Necula G, McPeak S, Weimer W (2002) CCured: Type-safe retrofitting of legacy code. In: Proceedings of the ACM symposium on principles of programming languages (POPL), pp 128–139
Ozdoganoglu H, Vijaykumar T, Brodley C, Jalote A, Kuperman B (2003) SmashGuard: A hardware solution to prevent security attacks on the function return address. Technical Report TR-ECE 03-13, School of Electrical and Computer Engineering, Purdue University
Park Y-J, Zhang Z, Lee G (2006) Microarchitectural protection against stack-based buffer overflow attacks. IEEE Micro 26(4):62–71
Prvulovic M, Zhangzy Z, Torrellas J (2002) ReVive: Cost-effective architectural support for rollback recovery in shared-memory multiprocessors. In: Proceedings of the international symposium on computer architecture (ISCA), pp 111–122
Sekar R, Bendre M, Dhurjati D, Bollineni P (2001) A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the IEEE symposium on security and privacy, pp 144–155
Shi W, Lee H-HS, Falk L, Ghosh M (2006) An integrated framework for dependable and revivable architectures using multicore processors. SIGARCH Comput Archit News 34(2):102–113
Smirnov A, cker Chiueh T (2005) Dira: Automatic detection, identification, and repair of control-hijacking attacks. In: Proceedings of the 12th annual network and distributed system security symposium
Sorin D, Martin M, Hill M, Wood D (2002) SafetyNet: Improving the availability of shared memory multiprocessors with global checkpoint/recovery. In: Proceedings of international symposium on computer architecture (ISCA), pp 123–134
Suh GE, Lee JW, Zhang D, Devadas S (2004) Secure program execution via dynamic information flow tracking. In: Proceedings of the 11th international conference on architectural support for programming languages and operating systems, pp 84–96
Suh GE, O’Donnell C, Sachdev I, Devadas S (2005) Design and implementation of the AEGIS single-chip secure processor using physical random functions. In: Proceedings of the international symposium on computer architecture (ISCA), pp 25–36
Teodorescu R, Torrellas J (2005) Prototyping architectural support for program rollback using FPGAs. In: Proceedings of the international symposium on field-programmable custom computing machines (FCCM), pp 23–32
Tuck N, Calder B, Varghese G (2004) Hardware and binary modification support for code pointer protection from buffer overflow. In: Proceedings of the international symposium on microarchitecture (MICRO), pp 209–220
Wagner D, Dean D (2001) Intrusion detection via static analysis. In: Proceedings of the IEEE symposium on security and privacy, p 156
Wilander J, Kamkar M (2003) A comparison of publicly available tools for dynamic buffer overflow prevention. In: Proceedings of the network and distributed system security symposium, pp 149–162
Xu M, Bodik R, Hill M (2003) A flight data recorder for enabling full-system multiprocessor deterministic replay. Comput Archit News 31(2):122–135
Yang J, Zhang Y, Gao L (2003) Fast secure processor for inhibiting software piracy and tampering. In: Proceedings of the 36th international symposium on microarchitecture (MICRO), pp 351–360
Yourst M (2007) Ptlsim: A cycle accurate full system x86-64 microarchitectural simulator. In: Proceedings of the IEEE symposium on performance analysis of systems and software (ISPASS), pp 23–34
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Sathre, J., Zambreno, J. Automated software attack recovery using rollback and huddle. Des Autom Embed Syst 12, 243–260 (2008). https://doi.org/10.1007/s10617-008-9020-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10617-008-9020-4