
IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning

  • Regular Paper
  • Journal of Computer Science and Technology

Abstract

In recent years, many security attacks have occurred when malicious code abuses in-process memory resources. As applications grow more complex, a program may call third-party code that its programmers cannot control and that may contain security vulnerabilities. As a result, users risk information leakage and control-flow hijacking. However, current solutions such as Intel memory protection extensions (MPX) severely degrade performance, while other approaches such as Intel memory protection keys (MPK) lack flexibility in dividing security domains. In this paper, we propose IMPULP, an effective and efficient hardware approach for in-process memory protection. The rationale of IMPULP is user-level partitioning: user code segments are divided into different security domains according to their instruction addresses, and the accessible memory spaces are specified dynamically for each domain via a set of boundary registers. Each memory-access instruction is checked against its security domain and the corresponding boundaries, so illegal in-process memory accesses by untrusted code segments are prevented. IMPULP can be leveraged to prevent a wide range of in-process memory abuse attacks, such as buffer overflows and memory leakages. For verification, an FPGA prototype based on the RISC-V instruction set architecture has been developed. We present eight tests to verify the effectiveness of IMPULP, including five memory protection function tests, a test to defend against a typical buffer overflow, a test to defend against the well-known memory leakage attack named Heartbleed, and a test for a security benchmark. We execute the SPEC CPU2006 benchmark programs to evaluate the efficiency of IMPULP. The performance overhead of IMPULP is less than 0.2% runtime on average, which is negligible. Moreover, the resource overhead is less than 5.5% for the hardware modification of IMPULP.
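The check the abstract describes can be modelled in software as follows; this is an added conceptual example, not the paper's hardware design or code. The structure layout, the number of boundary registers, the addresses, the `grant` and `access_ok` names, and the choice to deny accesses from code outside every known domain are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { uintptr_t lo, hi; } range_t;   /* half-open [lo, hi) */

typedef struct {
    range_t code;     /* instruction addresses that belong to this domain */
    range_t data[2];  /* boundary registers: memory the domain may touch */
    size_t  ndata;
} domain_t;

/* Constructed layout: domain 0 = application, domain 1 = third-party library. */
static domain_t demo[2] = {
    { {0x10000, 0x20000}, { {0x80000, 0x90000} }, 1 },
    { {0x20000, 0x30000}, { {0, 0} }, 0 },   /* no access until granted */
};

/* Model of the dynamic boundary update done before calling untrusted code. */
void grant(domain_t *d, uintptr_t lo, uintptr_t hi) {
    d->data[0].lo = lo; d->data[0].hi = hi; d->ndata = 1;
}

/* 1 if a len-byte access at addr, issued by the instruction at pc, is legal. */
int access_ok(const domain_t *d, size_t n, uintptr_t pc, uintptr_t addr, size_t len) {
    if (addr + len < addr) return 0;                 /* address wrap-around */
    for (size_t i = 0; i < n; i++) {
        if (pc < d[i].code.lo || pc >= d[i].code.hi) continue;
        for (size_t j = 0; j < d[i].ndata; j++)
            if (addr >= d[i].data[j].lo && addr + len <= d[i].data[j].hi)
                return 1;
        return 0;                                    /* domain found, out of bounds */
    }
    return 0;                                        /* assumption: unknown pc is denied */
}

int main(void) {
    grant(&demo[1], 0x80100, 0x80140);               /* 64-byte request buffer */
    printf("lib reads 64 B of its buffer : %d\n", access_ok(demo, 2, 0x20010, 0x80100, 64));
    printf("lib over-reads 16 KiB        : %d\n", access_ok(demo, 2, 0x20010, 0x80100, 0x4000));
    printf("lib reads app secret         : %d\n", access_ok(demo, 2, 0x20010, 0x80200, 32));
    printf("app reads its own secret     : %d\n", access_ok(demo, 2, 0x10040, 0x80200, 32));
    return 0;
}
```

The second case is the Heartbleed-shaped one: the library's read starts inside the buffer it was granted but its length runs past the upper boundary, so the access is refused even though the application itself may read the same addresses.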

Author information

Corresponding author

Correspondence to Ming-Yu Chen.

Electronic supplementary material

ESM 1

(PDF 227 kb)


Cite this article

Zhao, YY., Chen, MY., Liu, YH. et al. IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning. J. Comput. Sci. Technol. 35, 418–432 (2020). https://doi.org/10.1007/s11390-020-9703-2


  • DOI: https://doi.org/10.1007/s11390-020-9703-2
