PMU-extended Hardware ROP Attack Detection

Title: PMU-extended Hardware ROP Attack Detection
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Li, W., Li, M., Ma, Y., Yang, Q.
Conference Name: 2018 12th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID)
ISBN Number: 978-1-5386-6063-8
Keywords: arbitrary code execution, composability, Control Flow Integrity, data execution prevention mechanism, Human Behavior, low-cost hardware ROP detection approach, object oriented security, object-oriented programming, performance monitoring unit, PMU-extended hardware ROP attack detection, pubcrawl, Resiliency, return oriented programming, rop attacks, Scalability, security of data, short instruction sequences, software security

Return Oriented Programming is one of the major challenges for software security nowadays. It can bypass the Data Execution Prevention (DEP) mechanism by chaining short instruction sequences from existing code together to induce arbitrary code execution. Existing defenses are usually trade-offs between practicality, security, and performance. In this paper, we propose PMUe, a low-cost hardware ROP detection approach that detects ROP attacks based on three inherent properties of ROP. It is transparent to user applications and can be regarded as a small extension to the existing Performance Monitoring Unit in commodity processors. Our evaluation demonstrates that PMUe can effectively detect ROP attacks with negligible performance overhead.

Citation Key: li_pmu-extended_2018