TY - GEN
T1 - Morpheus
T2 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019
AU - Gallagher, Mark
AU - Biernacki, Lauren
AU - Chen, Shibo
AU - Aweke, Zelalem Birhanu
AU - Yitbarek, Salessawi Ferede
AU - Aga, Misiker Tadesse
AU - Harris, Austin
AU - Xu, Zhixing
AU - Kasikci, Baris
AU - Bertacco, Valeria
AU - Malik, Sharad
AU - Tiwari, Mohit
AU - Austin, Todd
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/4/4
Y1 - 2019/4/4
N2 - Attacks often succeed by abusing the gap between program and machine-level semantics- for example, by locating a sensitive pointer, exploiting a bug to overwrite this sensitive data, and hijacking the victim program's execution. In this work, we take secure system design on the offensive by continuously obfuscating information that attackers need but normal programs do not use, such as representation of code and pointers or the exact location of code and data. Our secure hardware architecture, Morpheus, combines two powerful protections: Ensembles of moving target defenses and churn. Ensembles of moving target defenses randomize key program values (e.g., relocating pointers and encrypting code and pointers) which forces attackers to extensively probe the system prior to an attack. To ensure attack probes fail, the architecture incorporates churn to transparently rerandomize program values underneath the running system. With frequent churn, systems quickly become impractically difficult to penetrate. We demonstrate Morpheus through a RISC-V-based prototype designed to stop control-flow attacks. Each moving target defense in Morpheus uses hardware support to individually offer more randomness at a lower cost than previous techniques. When ensembled with churn, Morpheus defenses offer strong protection against control-flow attacks, with our security testing and performance studies revealing: I) high-coverage protection for a broad array of control-flow attacks, including protections for advanced attacks and an attack disclosed after the design of Morpheus, and ii) negligible performance impacts (1%) with churn periods up to 50 ms, which our study estimates to be at least 5000x faster than the time necessary to possibly penetrate Morpheus.
AB - Attacks often succeed by abusing the gap between program and machine-level semantics- for example, by locating a sensitive pointer, exploiting a bug to overwrite this sensitive data, and hijacking the victim program's execution. In this work, we take secure system design on the offensive by continuously obfuscating information that attackers need but normal programs do not use, such as representation of code and pointers or the exact location of code and data. Our secure hardware architecture, Morpheus, combines two powerful protections: Ensembles of moving target defenses and churn. Ensembles of moving target defenses randomize key program values (e.g., relocating pointers and encrypting code and pointers) which forces attackers to extensively probe the system prior to an attack. To ensure attack probes fail, the architecture incorporates churn to transparently rerandomize program values underneath the running system. With frequent churn, systems quickly become impractically difficult to penetrate. We demonstrate Morpheus through a RISC-V-based prototype designed to stop control-flow attacks. Each moving target defense in Morpheus uses hardware support to individually offer more randomness at a lower cost than previous techniques. When ensembled with churn, Morpheus defenses offer strong protection against control-flow attacks, with our security testing and performance studies revealing: I) high-coverage protection for a broad array of control-flow attacks, including protections for advanced attacks and an attack disclosed after the design of Morpheus, and ii) negligible performance impacts (1%) with churn periods up to 50 ms, which our study estimates to be at least 5000x faster than the time necessary to possibly penetrate Morpheus.
KW - moving target defense
KW - runtime randomization
UR - http://www.scopus.com/inward/record.url?scp=85064687689&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85064687689&partnerID=8YFLogxK
U2 - 10.1145/3297858.3304037
DO - 10.1145/3297858.3304037
M3 - Conference contribution
AN - SCOPUS:85064687689
T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
SP - 469
EP - 484
BT - ASPLOS 2019 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems
PB - Association for Computing Machinery
Y2 - 13 April 2019 through 17 April 2019
ER -