English

Zipper Stack: Shadow Stacks Without Shadow

Cryptography and Security 2020-07-16 v3
Authors: Jinfeng Li , Liwei Chen , Qizhen Xu , Linan Tian , Gang Shi , Kai Chen , Dan Meng
View on arXiv PDF

Abstract

Return-Oriented Programming (ROP) is a typical attack technique that exploits return addresses to abuse existing code repeatedly. Most of the current return address protecting mechanisms (also known as the Backward-Edge Control-Flow Integrity) work only in limited threat models. For example, the attacker cannot break memory isolation, or the attacker has no knowledge of a secret key or random values. This paper presents a novel, lightweight mechanism protecting return addresses, Zipper Stack, which authenticates all return addresses by a chain structure using cryptographic message authentication codes (MACs). This innovative design can defend against the most powerful attackers who have full control over the program's memory and even know the secret key of the MAC function. This threat model is stronger than the one used in related work. At the same time, it produces low-performance overhead. We implemented Zipper Stack by extending the RISC-V instruction set architecture, and the evaluation on FPGA shows that the performance overhead of Zipper Stack is only 1.86%. Thus, we think Zipper Stack is suitable for actual deployment.

Keywords

side-channel attack

Cite

@article{arxiv.1902.00888,
  title  = {Zipper Stack: Shadow Stacks Without Shadow},
  author = {Jinfeng Li and Liwei Chen and Qizhen Xu and Linan Tian and Gang Shi and Kai Chen and Dan Meng},
  journal= {arXiv preprint arXiv:1902.00888},
  year   = {2020}
}

Comments

to be published in ESORICS 2020

Related papers

View all related →
Cryptography and Security · Computer Science
The never ending war in the stack and the reincarnation of ROP attacks
Ammari Nader, Joan Calvet, Jose M. Fernandez
2020-05-26
Cryptography and Security · Computer Science
ROPfuscator: Robust Obfuscation with ROP
Giulio De Pasquale, Fukutomo Nakanishi, Daniele Ferla, Lorenzo Cavallaro
2023-04-05
Cryptography and Security · Computer Science
SIGDROP: Signature-based ROP Detection using Hardware Performance Counters
Xueyang Wang, Jerry Backer
2016-09-12
Cryptography and Security · Computer Science
Security Mitigations for Return-Oriented Programming Attacks
Piotr Bania
2010-08-25
Cryptography and Security · Computer Science
DeTRAP: RISC-V Return Address Protection With Debug Triggers
Isaac Richter, Jie Zhou, John Criswell
2024-09-02
Cryptography and Security · Computer Science
Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation
Pietro Borrello, Emilio Coppa, Daniele Cono D'Elia
2021-08-12
Cryptography and Security · Computer Science
PACStack: an Authenticated Call Stack
Hans Liljestrand, Thomas Nyman, Lachlan J. Gunn, Jan-Erik Ekberg +1
2020-10-16
Cryptography and Security · Computer Science
Return-Oriented Programming on RISC-V
Georges-Axel Jaloyan, Konstantinos Markantonakis, Raja Naeem Akram, David Robin +2
2021-03-16
Cryptography and Security · Computer Science
A Leak-Resilient Dual Stack Scheme for Backward-Edge Control-Flow Integrity
Philipp Zieris, Julian Horsch
2018-06-26
Cryptography and Security · Computer Science
Shining Light On Shadow Stacks
Nathan Burow, Xinping Zhang, Mathias Payer
2019-11-26
Cryptography and Security · Computer Science
Execution at RISC: Stealth JOP Attacks on RISC-V Applications
Loïc Buckwell, Olivier Gilles, Daniel Gracia Pérez, Nikolai Kosmatov
2023-07-25
Cryptography and Security · Computer Science
A practical analysis of ROP attacks
Ayush Bansal, Debadatta Mishra
2021-11-08
Cryptography and Security · Computer Science
ROPocop - Dynamic Mitigation of Code-Reuse Attacks
Andreas Follner, Eric Bodden
2015-04-10
Cryptography and Security · Computer Science
Silhouette: Efficient Protected Shadow Stacks for Embedded Systems
Jie Zhou, Yufei Du, Zhuojia Shen, Lele Ma +2
2020-06-29
Cryptography and Security · Computer Science
EOP: An Encryption-Obfuscation Solution for Protecting PCBs Against Tampering and Reverse Engineering
Zimu Guo, Xiaolin Xu, Mark M. Tehranipoor, Domenic Forte
2019-04-23
Cryptography and Security · Computer Science
Return-Oriented Programming in RISC-V
Garrett Gu, Hovav Shacham
2020-07-31
Cryptography and Security · Computer Science
CleanStack: A New Dual-Stack for Defending Against Stack-Based Memory Corruption Attacks
Lei Chong
2025-03-24
Cryptography and Security · Computer Science
HCIC: Hardware-assisted Control-flow Integrity Checking
Jiliang Zhang, Binhang Qi, Gang Qu
2018-09-20
Cryptography and Security · Computer Science
Return Oriented Programming - Exploit Implementation using functions
Sunil Kumar Sathyanarayan, Dr. Makan Pourzandi, Katayoun Aliyari
2017-06-28
Cryptography and Security · Computer Science
SafeLLVM: LLVM Without The ROP Gadgets!
Federico Cassano, Charles Bershatsky, Jacob Ginesin, Sasha Bashenko
2023-11-03
Cryptography and Security · Computer Science
ROPNN: Detection of ROP Payloads Using Deep Neural Networks
Xusheng Li, Zhisheng Hu, Haizhou Wang, Yiwei Fu +3
2024-02-14
Cryptography and Security · Computer Science
Challenges of Return-Oriented-Programming on the Xtensa Hardware Architecture
Kai Lehniger, Marcin J. Aftowicz, Peter Langendörfer, Zoya Dyka
2022-01-19
Cryptography and Security · Computer Science
InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion
Zhuojia Shen, John Criswell
2023-07-20
Networking and Internet Architecture · Computer Science
An Active Host-Based Intrusion Detection System for ARP-Related Attacks and its Verification
Ferdous A Barbhuiya, Santosh Biswas, Sukumar Nandi
2013-07-26
Cryptography and Security · Computer Science
Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming
Olivier Gilles, Franck Viguier, Nikolai Kosmatov, Daniel Gracia Pérez
2022-11-30