<i>SCORE</i>: Source Code Optimization &amp; REconstruction

Suk, Jae Hyuk; Lee, Young Bi; Lee, Dong Hoon

doi:10.1109/access.2020.3008905

Cited by 5 publications

(3 citation statements)

References 16 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This encryption makes it difficult for attackers to obtain, analyze, and use these code segments, data segments, and control flow information to launch attacks and effectively reduces the threat of code reuse attacks. Encryption of sensitive data related to control flow information can be implemented from both software [ 26 , 27 ] and hardware [ 28 , 29 ] perspectives. Software implementations offer advantages such as strong flexibility.…”

Section: Related Workmentioning

confidence: 99%

“…Software encryption implementation mainly involves obfuscation-based mechanisms [ 9 , 26 ] and dynamic encryption mechanisms based on encryption algorithms. Li designed an obfuscation algorithm for program control flow graphs.…”

Section: Related Workmentioning

confidence: 99%

“…Pseudo-functions and pseudo-control flows are also introduced to enhance obfuscation strength significantly, aiming to conceal the program’s control flow [ 9 ]. Suk designed an obfuscation tool called SCORE that provides control flow obfuscation techniques at the source code level, optimizing and refactoring programs while improving the readability of obfuscated source code [ 26 ]. While obfuscation techniques can effectively increase program security, imperfect obfuscation may introduce vulnerabilities and redundant code, affecting program performance and maintainability.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

An,

Wang,

et al. 2023

Micromachines

View full text Add to dashboard Cite

The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

show abstract