HDFI: Hardware-Assisted Data-Flow Isolation

Cited 105 times in Web of Science; cited 79 times in Scopus
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Chengyu Song | ko |
| dc.contributor.author | Hyungon Moon | ko |
| dc.contributor.author | Monjur Alam | ko |
| dc.contributor.author | Insu Yun | ko |
| dc.contributor.author | Byoungyoung Lee | ko |
| dc.contributor.author | Taesoo Kim | ko |
| dc.contributor.author | Wenke Lee | ko |
| dc.contributor.author | Yunheung Paek | ko |
| dc.date.accessioned | 2021-02-08T00:50:15Z | - |
| dc.date.available | 2021-02-08T00:50:15Z | - |
| dc.date.created | 2021-02-08 | - |
| dc.date.issued | 2016-05-23 | - |
| dc.identifier.citation | 37th IEEE Symposium on Security and Privacy (Oakland '16), pp.1 - 17 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/280630 | - |
| dc.description.abstract | Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or, HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with an additional tag that is defined by dataflow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell - LaPadula Model. We implemented HDFI by extending the RISC-V instruction set architecture (ISA) and instantiating it on the Xilinx Zynq ZC706 evaluation board. We ran several benchmarks including the SPEC CINT 2000 benchmark suite. Evaluation results show that the performance overhead caused by our modification to the hardware is low (< 2%). We also developed or ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, virtual function table protection, code pointer protection, kernel data protection, and information leak prevention. Our results show that HDFI is easy to use, imposes low performance overhead, and allows us to create more elegant and more secure solutions. | - |
| dc.language | English | - |
| dc.publisher | IEEE Computer Society | - |
| dc.title | HDFI: Hardware-Assisted Data-Flow Isolation | - |
| dc.type | Conference | - |
| dc.identifier.wosid | 000387292800001 | - |
| dc.identifier.scopusid | 2-s2.0-84987679989 | - |
| dc.type.rims | CONF | - |
| dc.citation.beginningpage | 1 | - |
| dc.citation.endingpage | 17 | - |
| dc.citation.publicationname | 37th IEEE Symposium on Security and Privacy (Oakland '16) | - |
| dc.identifier.conferencecountry | US | - |
| dc.identifier.conferencelocation | San Jose | - |
| dc.identifier.doi | 10.1109/SP.2016.9 | - |
| dc.contributor.localauthor | Insu Yun | - |
| dc.contributor.nonIdAuthor | Chengyu Song | - |
| dc.contributor.nonIdAuthor | Hyungon Moon | - |
| dc.contributor.nonIdAuthor | Monjur Alam | - |
| dc.contributor.nonIdAuthor | Byoungyoung Lee | - |
| dc.contributor.nonIdAuthor | Taesoo Kim | - |
| dc.contributor.nonIdAuthor | Wenke Lee | - |
| dc.contributor.nonIdAuthor | Yunheung Paek | - |

Appears in Collection
EE-Conference Papers (Conference Papers)
Files in This Item
There are no files associated with this item.