Taxi : defeating code reuse attacks with tagged memory
DownloadFull printable version (858.6Kb)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Howard E. Shrobe.
Terms of use
Metadata
Show full item recordAbstract
The rise of code reuse attacks has been devastating for users of languages like C and C++ that lack memory safety. We survey existing defenses to understand why none are generally applicable, focusing our attention on the Code Pointer Integrity (CPI) defense. We show that while CPI is hard to implement securely on modern architectures, it is based on the promising idea of storing metadata on memory. We also introduce Taxi (Tagged C), a set of hardware modifications that aim to prevent code reuse attacks by storing small amounts of memory metadata known as tags in hardware. Our reference implementation prevents several classes of code reuse attacks without losing compatibility with the C memory model and provides valuable insight into how tagged architectures can be used to enforce security properties on existing code.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 105-111).
Date issued
2015Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.