Data Science Day @ Columbia University has ended
Columbia University’s Data Science Institute Presents:

Authors/Collaborators are listed in alphabetical order.

Back To Schedule
Wednesday, April 6 • 2:00pm - 4:30pm
Preventing Code-Reuse Attacks with Instruction-Set Randomization [P24]

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Instruction Set Randomization (ISR) was proposed in the last decade as a countermeasure against code injection attacks, where attackers introduce new code into the system as a step towards gaining control. Conventional wisdom is that ISR has lost its relevance due to the prevalence of code-reuse attacks, , a newer and harder threat, wherein the attackers stitches together existing code towards the same end. Code-injection no longer remains a critical component in typical contemporary attacks. In this work, we show that ISR is ineffective even against code-injection but (surprisingly) can be relevant against code-reuse attacks. However, to provide this capability, ISR needs to satisfy additional properties, specifically strong encryption, not found in older ISR implementations. We implement a new ISR system, called Polyglot, on a SPARC32-based Leon3 FPGA system that runs Linux. We show that it incurs very low performance overhead (approx. 6% for SPEC CPU benchmarks), while defending against ROP attacks and allowing critical features like page-sharing. Additionally, we argue that for threat models used by previous work, our scheme incurs no overhead on modern systems.

Demo/Poster Presenter

Kanad Sinha

PhD Candidate in Computer Science, Columbia Engineering

Demo/Poster Collaborator

Vasileios Kemerlis

PhD Candidate in Computer Science, Columbia Engineering

Angelos Keromytis

Associate Professor of Computer Science, Columbia Engineering
avatar for Simha Sethumadhavan

Simha Sethumadhavan

Associate Professor of Computer Science, Columbia University
Simha Sethumadhavan is an Associate Professor of Computer Science at Columbia Engineering. He is the founding director of the Computer Architecture and Security Technologies Lab (CASTL) at Columbia University. Sethumadhavan’s research interests are in hardware security, hardware... Read More →

Wednesday April 6, 2016 2:00pm - 4:30pm EDT
Roone Arledge Auditorium Lerner Hall, Columbia University 2920 Broadway, New York, NY 10040