PAIRS: Control Flow Protection using Phantom Addressed Instructions
Code-reuse attacks continue to pose a significant threat to systems security, from resource constrained environments to data-centers. Current mitigation techniques suffer from significant performance and energy overheads especially in the embedded domain. A viable alternative which, thus far, has been a software only mitigation, is Execution Path Randomization (EPR). The basic idea in EPR is to frequently switch between two distinct program variants forcing the attacker to gamble on which code to reuse. In this paper, we propose a novel technique, the Phantom Addressed Instructions that are Randomly Selected (PAIRS) that enables an efficient implementation of EPR with minor hardware adjustments and no source code modifications. For certain modes of operation, PAIRS does not require program re-compilation, thus is applicable to legacy binaries. Compared to state-of-the-art defenses, PAIRS has negligible performance overheads making it viable for embedded IoT devices up to server-grade systems.
READ FULL TEXT