This project addresses hardware solutions to computer security. In particular Heatstroke is a method for detecting and preventing denial of service attacks based on overheating hardware.
Our second project addresses buffer overflow attacks on the return address. Our method, which we call SmashGuard, is a hardware-based solution to prevent Buffer-Overflow Attacks realized by overwriting the Function Return Address. SmashGuard keeps a copy of each Return address that is written to the program stack by each function call, in a LIFO buffer on the CPU - the Hardware stack. When a function returns to the caller, the Return Addresses in the hardware stack and the program stack are compared. A mismatch signals tampering with the Return Address in the program stack, which is a sign of a Buffer Overflow attack. A hardware interrupt is raised and the process terminated before the control is transferred to the modified return addresss. The design of SmashGuard is a kernel patch that supports CPUs modified to support SmashGuard protection.
Collaborators: Ankit Jalote, T.N. Vijaykumar, Hilmi Ozdoganoglu, Ben Kuperman
Authors: Ozdoganoglu, H., Jalote, A., Vijaykumar, T. N., Brodley, C. E., and Kuperman, B.
IEEE Transactions on Computers
55 (10), pp 1271-1285
Abstract: A buffer overflow attack is perhaps the most common attack used to compromise the security of a host. This attack can be used to change the function return address and redirect execution to the attacker's code. We present a hardware-based solution, called SmashGuard, to protect against all known forms of attack on the function return addresses stored on the program stack. With each function call instruction, the current return address is pushed onto a hardware stack. A return instruction compares its address to the return address from the top of the hardware stack. An exception is raised to signal the mismatch. Because the stack operations and checks are done in hardware in parallel with the usual execution of instructions, our best-performing implementation scheme has virtually no performance overhead (because we are modifying hardware, it is impossible to guarantee zero overhead without an actual hardware implementation). While previous software-based approaches' average performance degradation for the SPEC2000 benchmarks is only 2.8 percent, their worst-case degradation is up to 8.3 percent. Apart from the lack of robustness in performance, the software approaches' key disadvantages are less security coverage and the need for recompilation of applications. SmashGuard, on the other hand, is secure and does not require recompilation of applications.
Authors: Jacob, N. and Brodley, C. E.
22nd Annual Computer Security Applications Conference
Abstract: Signature-matching intrusion detection systems can experience significant decreases in performance when the load on the IDS-host increases. We propose a solution that off-loads some of the computation performed by the IDS to the graphics processing unit (GPU). Modern GPUs are programmable, stream-processors capable of high-performance computing that in recent years have been used in non-graphical computing tasks. The major operation in a signature-matching IDS is matching values seen operation to known black-listed values, as such, our solution implements the string-matching on the GPU. The results show that as the CPU load on the IDS host system increases, PixelSnort's performance is significantly more robust and is able to outperform conventional Snort by up to 40%
Authors: Kuperman, B., Brodley, C., Ozdoganoglu, H., Vijaykumar, T.N. and Jalote, A.
Communications of the ACM
48 (11), pp. 51-56, November
Abstract: How to mitigate remote attacks that exploit buffer overflow vulnerabilities on the stack and enable attackers to take control of the program.
Authors: Hasan, J., Jalote, A., Vijaykumar, T. N., and Brodley, C. E.
Proceedings of the 11th International Symposium on High-Performance Computer Architecture
Abstract: In the past, there have been several denial-of-service (DOS) attacks which exhaust some shared resource (e.g., physical memory, process table, file descriptors, TCP connections) of the targeted machine. Though these attacks have been addressed, it is important to continue to identify and address new attacks because DOS is one of most prominent methods used to cause significant financial loss. A recent paper shows how to prevent attacks that exploit the sharing of pipeline resources (e.g., shared trace cache) in SMT to degrade the performance of normal threads. In this paper, we show that power density can be exploited in SMT to launch a novel DOS attack, called heat stroke. Heat stroke repeatedly accesses a shared resource to create a hot spot at the resource. Current solutions to hot spots inevitably involve slowing down the pipeline to let the hot spot cool down. Consequently, heat stroke slows down the entire SMT pipeline and severely degrades normal threads. We present a solution to heat stroke by identifying the thread that causes the hot spot and selectively slowing down the malicious thread while minimally affecting normal threads.