Abstract
Memory corruption is the root cause of modern attacks. Attackers hijack control flow by modifying data in memory. Unsafe languages expose memory to developers, leaving a large amount of sensitive data open to arbitrary modification. Existing defenses fall mainly into two categories: software-based and hardware-based protection mechanisms. Software-based mechanisms are flexible but incur serious performance overhead. Hardware-based methods can greatly reduce the performance loss and are safer than software methods, so many hardware protection mechanisms have been proposed. However, most existing hardware mechanisms target only a single attack and lack flexibility. In this paper, we propose a solution that combines software and hardware by encrypting and hiding sensitive data while the program is running. The mechanism decrypts the sensitive data when it is accessed and then performs security checks to determine whether it has been modified. On the hardware side, we design secure Load and Store instructions together with encryption and decryption hardware modules. On the software side, the compiler supports these security instructions. We also propose two security strategies for different usage scenarios: a global restriction strategy and a context execution restriction strategy. Compared with the former, the latter imposes more stringent constraints and can be applied to protecting programs with a higher security priority. Our security mechanism can resist a variety of attack vectors, such as CFI attacks, recent DOP attacks, and GOT table and virtual function table infection attacks. It can also mitigate buffer overflow attacks and support information hiding. Experiments on SPEC2006 show that the performance overhead of our proposed safety mechanism is only 4.5%.
Affiliation: University of Chinese Academy of Sciences; State Key Laboratory of Computer Architecture