Software-driven security attacks: From vulnerability sources to durable hardware defenses

Lauren Biernacki, Mark Gallagher, Zhixing Xu, Misiker Tadesse Aga, Austin Harris, Shijia Wei, Mohit Tiwari, Baris Kasikci, Sharad Malik, Todd Austin

Research output: Contribution to journalArticlepeer-review

Abstract

There is an increasing body of work in the area of hardware defenses for software-driven security attacks. A significant challenge in developing these defenses is that the space of security vulnerabilities and exploits is large and not fully understood. This results in specific point defenses that aim to patch particular vulnerabilities. While these defenses are valuable, they are often blindsided by fresh attacks that exploit new vulnerabilities. This article aims to address this issue by suggesting ways to make future defenses more durable based on an organization of security vulnerabilities as they arise throughout the program life cycle. We classify these vulnerability sources through programming, compilation, and hardware realization, and we show how each source introduces unintended states and transitions into the implementation. Further, we show how security exploits gain control by moving the implementation to an unintended state using knowledge of these sources and how defenses work to prevent these transitions. This framework of analyzing vulnerability sources, exploits, and defenses provides insights into developing durable defenses that could defend against broader categories of exploits. We present illustrative case studies of four important attack genealogies - showing how they fit into the presented framework and how the sophistication of the exploits and defenses have evolved over time, providing us insights for the future.

Original languageEnglish (US)
Article number3456299
JournalACM Journal on Emerging Technologies in Computing Systems
Volume17
Issue number3
DOIs
StatePublished - Jul 2021

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Keywords

  • Implementation information
  • Security attacks and defenses
  • Taxonomy
  • Undefined semantics
  • Vulnerabilities

Fingerprint

Dive into the research topics of 'Software-driven security attacks: From vulnerability sources to durable hardware defenses'. Together they form a unique fingerprint.

Cite this