Detecting Code Reuse Attacks with Branch Prediction

Lee, Yongsuk; Lee, Gyungho

doi:10.1109/mc.2018.2141035

Cited by 27 publications

(50 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other words, the encoding key represents the context of a particular call sequence. This differentiates HW-CDI from previously proposed control data protection schemes [1], [23], [42], [43]. At the return after finishing Function_A, the ret instruction decodes the return address with the key before loading the return address to the program counter.…”

Section: A Basic Approachmentioning

confidence: 95%

“…To ameliorate the coarse-grained CFI, heuristics about the legitimacy of the target addresses have been introduced [22], e.g., a return target should be the location below the corresponding call site. Additionally, hardware assistance including efforts to utilize branch prediction and monitoring/ debugging features have been proposed for less performance overhead and better distinction of the control flow transfers [22], [23]. Coarse-grained CFI implementations with the hardware support cause generally less performance overhead; however, the vulnerability of the CFI implementations remains more or less intact [17], [24].…”

Section: Control Flow Integrity and Control Data Integritymentioning

confidence: 99%

“…RAS and BTB are softwaretransparent storage and can be employed to detect potential malicious control flows and unusual return paths because a target address for such cases has never been executed, which causes a mis-prediction. RAS provides a prediction success rate of 98% or above in general [23], which will drastically reduce the needs for the control flow validation for CFI. Note that since the control data are function pointers and return addresses, it is less likely that dependencies between the instruction defining the control data and the indirect branch instruction using it within the pipeline timing window of one cycle will cause an extra delay over the case of no encoding applied.…”

Section: Performancementioning

confidence: 99%

See 2 more Smart Citations

HW-CDI: Hard-Wired Control Data Integrity

Lee

2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

Ensuring that a program follows an uncompromised control flow at the machine instruction level can provide sound protection from control flow attacks that transfer a control flow to the attacker's flow during program execution. This paper proposes an enhanced control data protection for control flow integrity called hard wired control data integrity (HW-CDI). The HW-CDI hides the control data via encoding with a key and requires proper decoding with the key for a correct control flow transfer. A unique aspect of HW-CDI is that this key changes in terms of not only the location but also the value of the control data. This paper describes the features necessary to make HW-CDI, an effective approach for securing program control flows with low-performance overhead. More specifically, this paper describes how to incorporate the HW-CDI into the processor's instruction pipeline so that it becomes an integral part of indirect branch instruction execution. It also provides information on how to generate the encoding/decoding keys without additional instrumented code. The HW-CDI is able to differentiate control flow transfer instances, providing context-based protection at negligible performance overhead.INDEX TERMS Control data, control flow integrity, indirect branch, instruction set architecture, software security.

show abstract

Section: A Basic Approachmentioning

confidence: 95%

Section: Control Flow Integrity and Control Data Integritymentioning

confidence: 99%

Section: Performancementioning

confidence: 99%

See 1 more Smart Citation

HW-CDI: Hard-Wired Control Data Integrity

Lee

2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…Here, we compare the performance of several commonly-used OOD detection metrics, including Softmax [23], Entropy [23], Energy [38], GradNorm [26] and Mahalanobis distance [34]. We perform OOD detection with MIM pretext task with each metric -the results are shown in Tab.…”

Section: Ood Detection Metric Is Importantmentioning

confidence: 99%

Identity of university Chinese heritage language learners in Hong Kong

Li¹,

李蓁²

View full text Add to dashboard Cite

The core of out-of-distribution (OOD) detection is to learn the in-distribution (ID) representation, which is distinguishable from OOD samples. Previous work applied recognition-based methods to learn the ID features, which tend to learn shortcuts instead of comprehensive representations. In this work, we find surprisingly that simply using reconstruction-based methods could boost the performance of OOD detection significantly. We deeply explore the main contributors of OOD detection and find that reconstructionbased pretext tasks have the potential to provide a generally applicable and efficacious prior, which benefits the model in learning intrinsic data distributions of the ID dataset. Specifically, we take Masked Image Modeling as a pretext task for our OOD detection framework (MOOD). Without bells and whistles, MOOD outperforms previous SOTA of one-class OOD detection by 5.7%, multi-class OOD detection by 3.0%, and near-distribution OOD detection by 2.1%. It even defeats the 10-shot-per-class outlier exposure OOD detection, although we do not include any OOD samples for our detection.

show abstract

“…Settings for Evaluation Datasets. Following the previous work (Lee et al, 2018), we use a positive (i.e., attacked) and a negative (i.e., benign) dataset to evaluate each defense. Specifically, the positive dataset contains the attacked testset and its augmented version, while the negative dataset contains a benign testset and its augmented version.…”

Section: Main Settingsmentioning

confidence: 99%

SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency

Guo¹,

Li²,

Chen³

et al. 2023

Preprint

View full text Add to dashboard Cite

Deep neural networks (DNNs) are vulnerable to backdoor attacks, where adversaries embed a hidden backdoor trigger during the training process for malicious prediction manipulation. These attacks pose great threats to the applications of DNNs under the real-world machine learning as a service (MLaaS) setting, where the deployed model is fully black-box while the users can only query and obtain its predictions. Currently, there are many existing defenses to reduce backdoor threats. However, almost all of them cannot be adopted in MLaaS scenarios since they require getting access to or even modifying the suspicious models. In this paper, we propose a simple yet effective black-box input-level backdoor detection, called SCALE-UP, which requires only the predicted labels to alleviate this problem. Specifically, we identify and filter malicious testing samples by analyzing their prediction consistency during the pixel-wise amplification process. Our defense is motivated by an intriguing observation (dubbed scaled prediction consistency) that the predictions of poisoned samples are significantly more consistent compared to those of benign ones when amplifying all pixel values. Besides, we also provide theoretical foundations to explain this phenomenon. Extensive experiments are conducted on benchmark datasets, verifying the effectiveness and efficiency of our defense and its resistance to potential adaptive attacks. Our codes are available at https://github.com/JunfengGo/SCALE-UP.

show abstract

Detecting Code Reuse Attacks with Branch Prediction

Cited by 27 publications

References 9 publications

HW-CDI: Hard-Wired Control Data Integrity

HW-CDI: Hard-Wired Control Data Integrity

Identity of university Chinese heritage language learners in Hong Kong

SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency

Contact Info

Product

Resources

About